You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2020/03/01 22:39:11 UTC
svn commit: r1874673 - in /httpd/httpd/trunk: CHANGES
modules/session/mod_session.c
Author: covener
Date: Sun Mar 1 22:39:11 2020
New Revision: 1874673
URL: http://svn.apache.org/viewvc?rev=1874673&view=rev
Log:
PR56052: resolve problems with expired sessions
session_load providers cache the session_rec pointer, so hollow
them out and reuse them instead of replacing them.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/session/mod_session.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874673&r1=1874672&r2=1874673&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Mar 1 22:39:11 2020
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_session: Fix an issue that blocked new sessions being created after
+ session expiration or other session errors. PR56052 [Eric Covener]
+
*) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
PR64140. [Renier Velazco <renier.velazco upr.edu>]
Modified: httpd/httpd/trunk/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session.c?rev=1874673&r1=1874672&r2=1874673&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session.c Sun Mar 1 22:39:11 2020
@@ -137,23 +137,22 @@ static apr_status_t ap_session_load(requ
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
"error while decoding the session, "
"session not loaded: %s", r->uri);
- zz = NULL;
+ /* preserve pointers to zz in load/save providers */
+ memset(zz, 0, sizeof(session_rec));
+ zz->pool = r->pool;
+ zz->entries = apr_table_make(zz->pool, 10);
}
/* invalidate session if session is expired */
if (zz && zz->expiry && zz->expiry < now) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "session is expired");
- zz = NULL;
+ /* preserve pointers to zz in load/save providers */
+ memset(zz, 0, sizeof(session_rec));
+ zz->pool = r->pool;
+ zz->entries = apr_table_make(zz->pool, 10);
}
}
- /* no luck, create a blank session */
- if (!zz) {
- zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
- zz->pool = r->pool;
- zz->entries = apr_table_make(zz->pool, 10);
- }
-
/* make sure the expiry and maxage are set, if present */
if (dconf->maxage) {
if (!zz->expiry) {
Re: svn commit: r1874673 - in /httpd/httpd/trunk: CHANGES modules/session/mod_session.c
Posted by Eric Covener <co...@gmail.com>.
> >
> > - /* no luck, create a blank session */
> > - if (!zz) {
> > - zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
> > - zz->pool = r->pool;
> > - zz->entries = apr_table_make(zz->pool, 10);
> > - }
> > -
>
> Why don't we need this any longer? Is there a a guarantee that zz != NULL here?
ty -- restored and explained in comment of r1874691.
Re: svn commit: r1874673 - in /httpd/httpd/trunk: CHANGES
modules/session/mod_session.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 03/01/2020 11:39 PM, covener@apache.org wrote:
> Author: covener
> Date: Sun Mar 1 22:39:11 2020
> New Revision: 1874673
>
> URL: http://svn.apache.org/viewvc?rev=1874673&view=rev
> Log:
> PR56052: resolve problems with expired sessions
>
> session_load providers cache the session_rec pointer, so hollow
> them out and reuse them instead of replacing them.
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/modules/session/mod_session.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874673&r1=1874672&r2=1874673&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Sun Mar 1 22:39:11 2020
> @@ -1,6 +1,9 @@
> -*- coding: utf-8 -*-
> Changes with Apache 2.5.1
>
> + *) mod_session: Fix an issue that blocked new sessions being created after
> + session expiration or other session errors. PR56052 [Eric Covener]
> +
> *) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
> PR64140. [Renier Velazco <renier.velazco upr.edu>]
>
>
> Modified: httpd/httpd/trunk/modules/session/mod_session.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session.c?rev=1874673&r1=1874672&r2=1874673&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/session/mod_session.c (original)
> +++ httpd/httpd/trunk/modules/session/mod_session.c Sun Mar 1 22:39:11 2020
> @@ -137,23 +137,22 @@ static apr_status_t ap_session_load(requ
> ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
> "error while decoding the session, "
> "session not loaded: %s", r->uri);
> - zz = NULL;
> + /* preserve pointers to zz in load/save providers */
> + memset(zz, 0, sizeof(session_rec));
> + zz->pool = r->pool;
> + zz->entries = apr_table_make(zz->pool, 10);
> }
>
> /* invalidate session if session is expired */
> if (zz && zz->expiry && zz->expiry < now) {
> ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "session is expired");
> - zz = NULL;
> + /* preserve pointers to zz in load/save providers */
> + memset(zz, 0, sizeof(session_rec));
> + zz->pool = r->pool;
> + zz->entries = apr_table_make(zz->pool, 10);
> }
> }
>
> - /* no luck, create a blank session */
> - if (!zz) {
> - zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
> - zz->pool = r->pool;
> - zz->entries = apr_table_make(zz->pool, 10);
> - }
> -
Why don't we need this any longer? Is there a a guarantee that zz != NULL here?
Regards
RĂ¼diger