You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/07/06 10:05:01 UTC
DO NOT REPLY [Bug 47476] New: Cannot renew stored session
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
Summary: Cannot renew stored session
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Keywords: PatchAvailable
Severity: normal
Priority: P3
Component: Other Modules
AssignedTo: bugs@httpd.apache.org
ReportedBy: alexey.v.varlamov@gmail.com
Created an attachment (id=23933)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23933)
Suggested fix to the problem.
Once mod_session saves a session (to cookie), the session expiration cannot be
reset - the only way to delete and re-create cookie anew.
Accordingly to documentation:
"The SessionMaxAge directive defines a time limit for which a session will
remain valid. When a session is saved, this time limit is reset and an existing
session can be continued."
However tests and code inspection show that the expiry can be set just once and
later updates do not refresh the session.
Also, "Max-Age" value for the updated session cookie is not passed to a user
agent.
Please see the suggested fix attached.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47476] [mod_session] Cannot renew stored session
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
Alexey Varlamov <al...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Cannot renew stored session |[mod_session] Cannot renew
| |stored session
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 47476] [mod_session] Cannot renew stored session
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
Graham Leggett <mi...@sharp.fm> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Graham Leggett <mi...@sharp.fm> ---
Backported to v2.4.7.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47476] [mod_session] Cannot renew stored session
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
Lars Eilebrecht <la...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |lars@apache.org
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 47476] [mod_session] Cannot renew stored session
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
--- Comment #3 from Graham Leggett <mi...@sharp.fm> ---
Fixed in trunk in r1531683, proposed for backport to v2.4.x.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47476] Cannot renew stored session
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
--- Comment #1 from Nick Kew <ni...@webthing.com> 2009-07-06 02:03:20 PST ---
Yow! Those functions are a bit of a confusing mess (declared int, return
apr_status_t - ouch). Which should it be?
The second half of your patch looks obviously right. But are you sure the
first half won't also update the expiry when that wasn't intended?
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47476] Cannot renew stored session
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
--- Comment #2 from Alexey Varlamov <al...@gmail.com> 2009-07-06 22:32:14 PST ---
Actually there are 2 interconnected issues. As I said, original code did not
reset expiry AND was dropping "Max-Age" value when updating session.
The first chunk of the patch only changes maxage setting logic, the expiry
handling is not changed:
< earlier the maxage was only set if a new session is created or a session
encountered which does not have expiry while it should per configuration (AFAIU
only possible if server gets re-configured adding MaxAge and user comes with
older cookie w/o expiry); and normally loaded sessions had maxage=0 (as maxage
is not included to session encoding)
--
> now maxage is set always when present in config.
So the first chunk is necessary preparation for the second one :)
Otherwise, if loaded session is modified and saved but maxage is zero, it
should expire immediately.
As for the mess in functions, indeed they are declared to return int - don't
know why :)
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 47476] Cannot renew stored session
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47476
Alexey Varlamov <al...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |47477
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org