You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2015/10/17 00:36:18 UTC
svn commit: r1709121 - in /httpd/httpd/trunk: CHANGES
docs/manual/mod/mod_session.xml modules/session/mod_session.c
modules/session/mod_session.h modules/session/mod_session_cookie.c
modules/session/mod_session_dbd.c
Author: ylavic
Date: Fri Oct 16 22:36:17 2015
New Revision: 1709121
URL: http://svn.apache.org/viewvc?rev=1709121&view=rev
Log:
mod_session: Introduce SessionExpiryUpdateInterval which allows to
configure the session/cookie expiry's update interval. PR 57300.
Submitted by: Paul Spangler <paul.spangler ni.com>
Reviewed/Committed by: ylavic
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/mod_session.xml
httpd/httpd/trunk/modules/session/mod_session.c
httpd/httpd/trunk/modules/session/mod_session.h
httpd/httpd/trunk/modules/session/mod_session_cookie.c
httpd/httpd/trunk/modules/session/mod_session_dbd.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1709121&r1=1709120&r2=1709121&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Oct 16 22:36:17 2015
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_session: Introduce SessionExpiryUpdateInterval which allows to
+ configure the session/cookie expiry's update interval. PR 57300.
+ [Paul Spangler <paul.spangler ni.com>]
+
*) mod_ssl: Extend expression parser registration to support ssl variables
in any expression using mod_rewrite syntax "%{SSL:VARNAME}" or function
syntax "ssl(VARIABLE)". [Rainer Jung]
Modified: httpd/httpd/trunk/docs/manual/mod/mod_session.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_session.xml?rev=1709121&r1=1709120&r2=1709121&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_session.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_session.xml Fri Oct 16 22:36:17 2015
@@ -487,4 +487,41 @@ AuthName "realm"
</usage>
</directivesynopsis>
+<directivesynopsis>
+<name>SessionExpiryUpdateInterval</name>
+<description>Define the number of seconds a session's expiry may change without
+the session being updated</description>
+<syntax>SessionExpiryUpdateInterval <var>interval</var></syntax>
+<default>SessionExpiryUpdateInterval 0 (always update)</default>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
+</contextlist>
+
+<usage>
+ <p>The <directive>SessionExpiryUpdateInterval</directive> directive allows
+ sessions to avoid the cost associated with writing the session each request
+ when only the expiry time has changed. This can be used to make a website
+ more efficient or reduce load on a database when using
+ <module>mod_session_dbd</module>. The session is always written if the data
+ stored in the session has changed or the expiry has changed by more than the
+ configured interval.</p>
+
+ <p>Setting the interval to zero disables this directive, and the session
+ expiry is refreshed for each request.</p>
+
+ <p>This directive only has an effect when combined with
+ <directive module="mod_session">SessionMaxAge</directive> to enable session
+ expiry. Sessions without an expiry are only written when the data stored in
+ the session has changed.</p>
+
+ <note type="warning"><title>Warning</title>
+ <p>Because the session expiry may not be refreshed with each request, it's
+ possible for sessions to expire up to <var>interval</var> seconds early.
+ Using a small interval usually provides sufficient savings while having a
+ minimal effect on expiry resolution.</p></note>
+</usage>
+</directivesynopsis>
+
</modulesynopsis>
Modified: httpd/httpd/trunk/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session.c?rev=1709121&r1=1709120&r2=1709121&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session.c Fri Oct 16 22:36:17 2015
@@ -177,6 +177,7 @@ static apr_status_t ap_session_save(requ
{
if (z) {
apr_time_t now = apr_time_now();
+ apr_time_t initialExpiry = z->expiry;
int rv = 0;
session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
@@ -207,6 +208,17 @@ static apr_status_t ap_session_save(requ
z->expiry = now + z->maxage * APR_USEC_PER_SEC;
}
+ /* don't save if the only change is the expiry by a small amount */
+ if (!z->dirty && dconf->expiry_update_time
+ && (z->expiry - initialExpiry < dconf->expiry_update_time)) {
+ return APR_SUCCESS;
+ }
+
+ /* also don't save sessions that didn't change at all */
+ if (!z->dirty && !z->maxage) {
+ return APR_SUCCESS;
+ }
+
/* encode the session */
rv = ap_run_session_encode(r, z);
if (OK != rv) {
@@ -551,6 +563,10 @@ static void *merge_session_dir_config(ap
new->env_set = add->env_set || base->env_set;
new->includes = apr_array_append(p, base->includes, add->includes);
new->excludes = apr_array_append(p, base->excludes, add->excludes);
+ new->expiry_update_time = (add->expiry_update_set == 0)
+ ? base->expiry_update_time
+ : add->expiry_update_time;
+ new->expiry_update_set = add->expiry_update_set || base->expiry_update_set;
return new;
}
@@ -620,6 +636,21 @@ static const char *add_session_exclude(c
return NULL;
}
+static const char *
+ set_session_expiry_update(cmd_parms * parms, void *dconf, const char *arg)
+{
+ session_dir_conf *conf = dconf;
+
+ conf->expiry_update_time = atoi(arg);
+ if (conf->expiry_update_time < 0) {
+ return "SessionExpiryUpdateInterval must be positive or nul";
+ }
+ conf->expiry_update_time = apr_time_from_sec(conf->expiry_update_time);
+ conf->expiry_update_set = 1;
+
+ return NULL;
+}
+
static const command_rec session_cmds[] =
{
@@ -635,6 +666,9 @@ static const command_rec session_cmds[]
"URL prefixes to include in the session. Defaults to all URLs"),
AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF|OR_AUTHCFG,
"URL prefixes to exclude from the session. Defaults to no URLs"),
+ AP_INIT_TAKE1("SessionExpiryUpdateInterval", set_session_expiry_update, NULL, RSRC_CONF|OR_AUTHCFG,
+ "time interval for which a session's expiry time may change "
+ "without having to be rewritten. Zero to disable"),
{NULL}
};
Modified: httpd/httpd/trunk/modules/session/mod_session.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session.h?rev=1709121&r1=1709120&r2=1709121&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session.h (original)
+++ httpd/httpd/trunk/modules/session/mod_session.h Fri Oct 16 22:36:17 2015
@@ -115,6 +115,9 @@ typedef struct {
* URLs included if empty */
apr_array_header_t *excludes; /* URL prefixes to be excluded. No
* URLs excluded if empty */
+ apr_time_t expiry_update_time; /* seconds the session expiry may change and
+ * not have to be rewritten */
+ int expiry_update_set;
} session_dir_conf;
/**
Modified: httpd/httpd/trunk/modules/session/mod_session_cookie.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_cookie.c?rev=1709121&r1=1709120&r2=1709121&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session_cookie.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session_cookie.c Fri Oct 16 22:36:17 2015
@@ -60,9 +60,6 @@ static apr_status_t session_cookie_save(
session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config,
&session_cookie_module);
- /* don't cache auth protected pages */
- apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
-
/* create RFC2109 compliant cookie */
if (conf->name_set) {
if (z->encoded && z->encoded[0]) {
@@ -162,6 +159,9 @@ static apr_status_t session_cookie_load(
/* put the session in the notes so we don't have to parse it again */
apr_table_setn(m->notes, note, (char *)zz);
+ /* don't cache auth protected pages */
+ apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
+
return OK;
}
Modified: httpd/httpd/trunk/modules/session/mod_session_dbd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?rev=1709121&r1=1709120&r2=1709121&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/session/mod_session_dbd.c (original)
+++ httpd/httpd/trunk/modules/session/mod_session_dbd.c Fri Oct 16 22:36:17 2015
@@ -245,6 +245,9 @@ static apr_status_t session_dbd_load(req
/* put the session in the notes so we don't have to parse it again */
apr_table_setn(m->notes, note, (char *)zz);
+ /* don't cache pages with a session */
+ apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
+
return OK;
}
@@ -409,9 +412,6 @@ static apr_status_t session_dbd_save(req
if (conf->name_set || conf->name2_set) {
char *oldkey = NULL, *newkey = NULL;
- /* don't cache pages with a session */
- apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
-
/* if the session is new or changed, make a new session ID */
if (z->uuid) {
oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
@@ -458,7 +458,7 @@ static apr_status_t session_dbd_save(req
else if (conf->peruser) {
/* don't cache pages with a session */
- apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
+ apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
if (r->user) {
ret = dbd_save(r, r->user, r->user, z->encoded, z->expiry);