httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r1500428 - in /httpd/httpd/branches/2.4.x: ./ CHANGES docs/manual/ docs/manual/mod/ docs/manual/mod/mod_session_dbd.xml modules/session/mod_session.c modules/session/mod_session_cookie.c modules/session/mod_session_dbd.c
Date Sun, 07 Jul 2013 13:50:55 GMT
Author: jim
Date: Sun Jul  7 13:50:54 2013
New Revision: 1500428

URL: http://svn.apache.org/r1500428
Log:
Merge r1488158, r1488164 from trunk:

mod_session_dbd: Make sure that dirty flag is respected when saving 
sessions, and ensure the session ID is changed each time the session 
changes.


mod_session_dbd: Update the sql query for sessions updates.

Submitted by: minfrin
Reviewed/backported by: jim

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/docs/manual/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/mod/   (props changed)
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_dbd.xml
    httpd/httpd/branches/2.4.x/modules/session/mod_session.c
    httpd/httpd/branches/2.4.x/modules/session/mod_session_cookie.c
    httpd/httpd/branches/2.4.x/modules/session/mod_session_dbd.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1488158,1488164

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1500428&r1=1500427&r2=1500428&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Sun Jul  7 13:50:54 2013
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.5
 
+  *) mod_session_dbd: Make sure that dirty flag is respected when saving
+     sessions, and ensure the session ID is changed each time the session
+     changes. [Takashi Sato <takashi tks.st>, Graham Leggett]
+
   *) mod_ssl: Fix possible truncation of OCSP responses when reading from the
      server.  [Joe Orton]
 

Propchange: httpd/httpd/branches/2.4.x/docs/manual/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk/docs/manual:r1488164

Propchange: httpd/httpd/branches/2.4.x/docs/manual/mod/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk/docs/manual/mod:r1488164

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_dbd.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_dbd.xml?rev=1500428&r1=1500427&r2=1500428&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_dbd.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_session_dbd.xml Sun Jul  7 13:50:54 2013
@@ -77,7 +77,7 @@
 DBDriver pgsql
 DBDParams "dbname=apachesession user=apache password=xxxxx host=localhost"
 DBDPrepareSQL "delete from session where key = %s" deletesession
-DBDPrepareSQL "update session set value = %s, expiry = %lld where key = %s" updatesession
+DBDPrepareSQL "update session set value = %s, expiry = %lld, key = %s where key = %s" updatesession
 DBDPrepareSQL "insert into session (value, expiry, key) values (%s, %lld, %s)" insertsession
 DBDPrepareSQL "select value from session where key = %s and (expiry = 0 or expiry &gt;
%lld)" selectsession
 DBDPrepareSQL "delete from session where expiry != 0 and expiry &lt; %lld" cleansession

Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session.c?rev=1500428&r1=1500427&r2=1500428&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session.c Sun Jul  7 13:50:54 2013
@@ -132,8 +132,6 @@ static apr_status_t ap_session_load(requ
         zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
         zz->pool = r->pool;
         zz->entries = apr_table_make(zz->pool, 10);
-        zz->uuid = (apr_uuid_t *) apr_pcalloc(zz->pool, sizeof(apr_uuid_t));
-        apr_uuid_get(zz->uuid);
 
     }
     else {
@@ -446,6 +444,7 @@ static apr_status_t session_output_filte
             }
             if (override) {
                 z->encoded = override;
+                z->dirty = 1;
                 session_identity_decode(r, z);
             }
         }

Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session_cookie.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session_cookie.c?rev=1500428&r1=1500427&r2=1500428&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session_cookie.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session_cookie.c Sun Jul  7 13:50:54 2013
@@ -157,7 +157,6 @@ static apr_status_t session_cookie_load(
     zz->pool = m->pool;
     zz->entries = apr_table_make(m->pool, 10);
     zz->encoded = val;
-    zz->uuid = (apr_uuid_t *) apr_pcalloc(m->pool, sizeof(apr_uuid_t));
     *z = zz;
 
     /* put the session in the notes so we don't have to parse it again */

Modified: httpd/httpd/branches/2.4.x/modules/session/mod_session_dbd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/session/mod_session_dbd.c?rev=1500428&r1=1500427&r2=1500428&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/session/mod_session_dbd.c (original)
+++ httpd/httpd/branches/2.4.x/modules/session/mod_session_dbd.c Sun Jul  7 13:50:54 2013
@@ -230,12 +230,11 @@ static apr_status_t session_dbd_load(req
     zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
     zz->pool = r->pool;
     zz->entries = apr_table_make(zz->pool, 10);
-    zz->uuid = (apr_uuid_t *) apr_pcalloc(zz->pool, sizeof(apr_uuid_t));
-    if (key) {
-        apr_uuid_parse(zz->uuid, key);
-    }
-    else {
-        apr_uuid_get(zz->uuid);
+    if (key && val) {
+        apr_uuid_t *uuid = apr_pcalloc(zz->pool, sizeof(apr_uuid_t));
+        if (APR_SUCCESS == apr_uuid_parse(uuid, key)) {
+            zz->uuid = uuid;
+        }
     }
     zz->encoded = val;
     *z = zz;
@@ -250,8 +249,8 @@ static apr_status_t session_dbd_load(req
 /**
  * Save the session by the key specified.
  */
-static apr_status_t dbd_save(request_rec * r, const char *key, const char *val,
-                             apr_int64_t expiry)
+static apr_status_t dbd_save(request_rec * r, const char *oldkey,
+        const char *newkey, const char *val, apr_int64_t expiry)
 {
 
     apr_status_t rv;
@@ -272,22 +271,24 @@ static apr_status_t dbd_save(request_rec
     if (rv) {
         return rv;
     }
-    rv = apr_dbd_pvbquery(dbd->driver, r->pool, dbd->handle, &rows, statement,
-                          val, &expiry, key, NULL);
-    if (rv) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01857)
-                      "query execution error updating session '%s' "
-                      "using database query '%s': %s", key, conf->updatelabel,
-                      apr_dbd_error(dbd->driver, dbd->handle, rv));
-        return APR_EGENERAL;
-    }
 
-    /*
-     * if some rows were updated it means a session existed and was updated,
-     * so we are done.
-     */
-    if (rows != 0) {
-        return APR_SUCCESS;
+    if (oldkey) {
+        rv = apr_dbd_pvbquery(dbd->driver, r->pool, dbd->handle, &rows,
+                statement, val, &expiry, newkey, oldkey, NULL);
+        if (rv) {
+            ap_log_rerror(
+                    APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01857) "query execution error updating
session '%s' "
+                    "using database query '%s': %s/%s", oldkey, newkey, conf->updatelabel,
apr_dbd_error(dbd->driver, dbd->handle, rv));
+            return APR_EGENERAL;
+        }
+
+        /*
+         * if some rows were updated it means a session existed and was updated,
+         * so we are done.
+         */
+        if (rows != 0) {
+            return APR_SUCCESS;
+        }
     }
 
     if (conf->insertlabel == NULL) {
@@ -301,11 +302,11 @@ static apr_status_t dbd_save(request_rec
         return rv;
     }
     rv = apr_dbd_pvbquery(dbd->driver, r->pool, dbd->handle, &rows, statement,
-                          val, &expiry, key, NULL);
+                          val, &expiry, newkey, NULL);
     if (rv) {
         ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01859)
                       "query execution error inserting session '%s' "
-                      "in database with '%s': %s", key, conf->insertlabel,
+                      "in database with '%s': %s", newkey, conf->insertlabel,
                       apr_dbd_error(dbd->driver, dbd->handle, rv));
         return APR_EGENERAL;
     }
@@ -320,7 +321,7 @@ static apr_status_t dbd_save(request_rec
 
     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01860)
                   "the session insert query did not cause any rows to be added "
-                  "to the database for session '%s', session not inserted", key);
+                  "to the database for session '%s', session not inserted", newkey);
 
     return APR_EGENERAL;
 
@@ -397,27 +398,38 @@ static apr_status_t dbd_clean(apr_pool_t
 static apr_status_t session_dbd_save(request_rec * r, session_rec * z)
 {
 
-    char *buffer;
     apr_status_t ret = APR_SUCCESS;
     session_dbd_dir_conf *conf = ap_get_module_config(r->per_dir_config,
                                                       &session_dbd_module);
 
     /* support anonymous sessions */
     if (conf->name_set || conf->name2_set) {
+        char *oldkey = NULL, *newkey = NULL;
 
         /* don't cache pages with a session */
         apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
 
-        /* must we create a uuid? */
-        buffer = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
-        apr_uuid_format(buffer, z->uuid);
+        /* if the session is new or changed, make a new session ID */
+        if (z->uuid) {
+            oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
+            apr_uuid_format(oldkey, z->uuid);
+        }
+        if (z->dirty || !oldkey) {
+            z->uuid = apr_pcalloc(z->pool, sizeof(apr_uuid_t));
+            apr_uuid_get(z->uuid);
+            newkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
+            apr_uuid_format(newkey, z->uuid);
+        }
+        else {
+            newkey = oldkey;
+        }
 
         /* save the session with the uuid as key */
         if (z->encoded && z->encoded[0]) {
-            ret = dbd_save(r, buffer, z->encoded, z->expiry);
+            ret = dbd_save(r, oldkey, newkey, z->encoded, z->expiry);
         }
         else {
-            ret = dbd_remove(r, buffer);
+            ret = dbd_remove(r, oldkey);
         }
         if (ret != APR_SUCCESS) {
             return ret;
@@ -425,13 +437,13 @@ static apr_status_t session_dbd_save(req
 
         /* create RFC2109 compliant cookie */
         if (conf->name_set) {
-            ap_cookie_write(r, conf->name, buffer, conf->name_attrs, z->maxage,
+            ap_cookie_write(r, conf->name, newkey, conf->name_attrs, z->maxage,
                             r->headers_out, r->err_headers_out, NULL);
         }
 
         /* create RFC2965 compliant cookie */
         if (conf->name2_set) {
-            ap_cookie_write2(r, conf->name2, buffer, conf->name2_attrs, z->maxage,
+            ap_cookie_write2(r, conf->name2, newkey, conf->name2_attrs, z->maxage,
                              r->headers_out, r->err_headers_out, NULL);
         }
 
@@ -446,7 +458,7 @@ static apr_status_t session_dbd_save(req
         apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
 
         if (r->user) {
-            ret = dbd_save(r, r->user, z->encoded, z->expiry);
+            ret = dbd_save(r, r->user, r->user, z->encoded, z->expiry);
             if (ret != APR_SUCCESS) {
                 return ret;
             }



Mime
View raw message