httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Pearson <>
Subject mod_session and friends need some help
Date Thu, 23 Jan 2014 06:35:45 GMT
I recently began using mod_session, mod_session_cookie, mod_session_crypto,
and mod_auth_form (forgetting anyone?) in httpd 2.4.x to provide an
authentication front end to a web app. In my efforts to meet requirements
and solve session bugs I've needed to jump in and make a few changes to the
source for those modules. There are some fairly basic logic and programming
errors that need correction as well as enhancements. I am not a daily,
weekly, or even monthly c programmer but I've muddled my way through.

Some of those issues were raised recently by myself in bugzilla:

ap_session_load called multiple times for expired session creates new
session each time

should be able to disable session expiry increment

should be able to remove Max-Age cookie parameter to enable "session"

mod_session excludes not processed correctly

I am prepared to sooner than later submit the changes as patches, after
I've had a chance to make sure they work, clean up the code and comments,
and find some time. I for sure need these changes, otherwise mod_session
and friends are just not usable.

I understand all patches should be submitted through bugzilla. I really
have to jam through these changes for a current project, so it would be
difficult to submit a patch for each issue. Would it be acceptable to
submit a related set of patches to code and documentation, accompanied by a
comment or document that describes the whys and wherefores? Would that make
the process of patch evaluation too complicated?

If anyone is interested in discussing mod_session issues on this forum or
privately I'm happy to entertain. There was a recent thread on the list
"Re: unsetting encrypted cookies when encryption key changes" that is I
believe addressed by one the changes.

Thanks for your advice,

View raw message