httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] httpd session timeout
Date Wed, 24 Aug 2016 15:01:18 GMT
> I am testing it by logging into the website using basic authentication [...]

Session you are observing is browser-based, not server-based. Your browser repeats once learned
credentials in every request until it's restarted (may depend on the browser of course). And
server verifies credentials of every request, there's no session or timeout for HTTP authentication.
-- 

With Best Regards,
Marat Khalili

On August 24, 2016 4:53:28 PM GMT+03:00, Roger Paanini <rogerpaanini@gmail.com> wrote:
>Chris, I am testing it by logging into the website using basic
>authentication and then waiting for the time out duration and try to
>access
>the page again. I am expecting to be challenged for credentials again
>when
>I tried to access the page after the timeout. But I am never challenged
>after the timeout - ever after several hours beyond the timeout value.
>
>But I see the following messages in my log file... I suspect my session
>modules are not configured correctly?
>
>[Wed Aug 24 08:41:46.851228 2016] [session:warn] [pid 61410:tid
>140098663421696] [client x.x.x.x:5675] AH01815: session is enabled but
>no
>session modules have been configured, session not loaded:
>
>I have the following in my httpd.conf:
>
>LoadModule session_module modules/mod_session.so
>LoadModule session_cookie_module modules/mod_session_cookie.so
>#LoadModule session_dbd_module modules/mod_session_dbd.so
>***
><Location />
>        Session on
>        SessionMaxAge 1
>        AuthType Basic
>        AuthLDAPBindDN "xxxxx"
>        AuthLDAPBindPassword "xxxx"
>        AuthBasicProvider ldap
>        AuthName "LDAP - login"
>        AuthLDAPURL "xxxxx"
>        Require valid-user
>        Require ldap-group "xxxx"
>        AuthLDAPRemoteUserAttribute uid
></Location>
>
>Any thoughts on what I am missing?
>
>Thanks!
>
>
>
>On Tue, Aug 23, 2016 at 3:29 PM, Christopher Schultz <
>chris@christopherschultz.net> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Roger,
>>
>> On 8/23/16 4:26 PM, Roger Paanini wrote:
>> > Folks, I have tried to configure httpd with session timeout but it
>> > does not seem to work. My httpd.conf has the following:
>> >
>> > Session on SessionMaxAge 1 AuthType Basic ***
>> >
>> > I was trying to put a timeout value of 1 sec just to test. This is
>> > not working. Am I missing something?
>> >
>> > Thanks for any pointers on this.
>>
>> How are you testing it? What did you expect? What happened if it
>> wasn't what you expected?
>>
>> - -chris
>> -----BEGIN PGP SIGNATURE-----
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iQIcBAEBCAAGBQJXvLIwAAoJEBzwKT+lPKRYWnAP/Ax2yBWc8laAbRC3jKTA7TlI
>> 3Y5kfIrJi8tiNfzga/PXUWR82b6KmjMbXD5VKlD98YFFJhOjlMF8JSqV1MQIX1Lu
>> v9mfjkasfwhapPGtlksecNzJEA2KtSS+sLZfg5m1gPmv9R8sH5A6aFICmwVs87b8
>> DcZK/e/4STGvzGs6hGwQGaSgDDT3H4UFZqrLPCHx/jK85wNDkIZ+rHodzsLXjD9Y
>> /St2ER0bCWr090v0s/sKqKP28g7WrXBCiqh/MpCnIJ70B798GEmGI3sXnepFKSWV
>> 1IzsK8J8KAufGY24XCgRMXad1TshaftnPiTIGmZ6pPesyq8sc4Rr8FN/Mo7xvR3Z
>> eSZYCJd639Ir76MHikCjVhgRzWphh82PN+9wf9hA7snk0yt+uFEsrcxTlURdErbB
>> 0XWW7lKSor7R+OksK9HmL3izhEyNymXiOryRy5wBa2emlCajCoczy8XYy9CffkNq
>> OM81k343CdbdjLO5Z7AUdTIbnZjx5zGS9r6nVcf5uyg5j70ZuOyE1P6zft94KR4S
>> b6R2UMWUJ9aku7tzwP1cSox3DRSnhAI6VPXuwYiJYAZo6+kSTLCs0gW3Jb1q5nWj
>> 1IF2lsGvZIqH0yqxZ49rgvYSnkCdp+pp3ZVFHfDED9LBD4B90tRzlQFI4QF0w5YV
>> TLNlGhmIB+eqb5dW9LnK
>> =9Yn+
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>

Mime
View raw message