Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C9BEF200B6F for ; Wed, 24 Aug 2016 17:01:51 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C8401160AB1; Wed, 24 Aug 2016 15:01:51 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C6B86160A91 for ; Wed, 24 Aug 2016 17:01:50 +0200 (CEST) Received: (qmail 17607 invoked by uid 500); 24 Aug 2016 15:01:47 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 17464 invoked by uid 99); 24 Aug 2016 15:01:47 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Aug 2016 15:01:47 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 2981D18009B for ; Wed, 24 Aug 2016 15:01:47 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.999 X-Spam-Level: * X-Spam-Status: No, score=1.999 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id PFNmixBHZ5L4 for ; Wed, 24 Aug 2016 15:01:43 +0000 (UTC) Received: from smtp77.iad3a.emailsrvr.com (smtp77.iad3a.emailsrvr.com [173.203.187.77]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 2846E5F484 for ; Wed, 24 Aug 2016 15:01:43 +0000 (UTC) Received: from smtp18.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp18.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 7F459A0134 for ; Wed, 24 Aug 2016 11:01:37 -0400 (EDT) X-Auth-ID: m.khalili@rqc.ru Received: by smtp18.relay.iad3a.emailsrvr.com (Authenticated sender: m.khalili-AT-rqc.ru) with ESMTPSA id 1B0BAA039A for ; Wed, 24 Aug 2016 11:01:35 -0400 (EDT) X-Sender-Id: m.khalili@rqc.ru Received: from [10.38.16.195] ([UNAVAILABLE]. [185.79.100.137]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:587 (trex/5.7.7); Wed, 24 Aug 2016 11:01:37 -0400 User-Agent: K-9 Mail for Android In-Reply-To: References: <941de732-83f1-22a9-1ebf-637f282f9d1d@christopherschultz.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----PCM8C00CG7KYS5HAEBE70T4SSOXJ3L" Content-Transfer-Encoding: 7bit From: Marat Khalili Date: Wed, 24 Aug 2016 18:01:18 +0300 To: users@httpd.apache.org Message-ID: <44E0A848-C765-49C3-A795-56F1A9A5DA58@rqc.ru> Subject: Re: [users@httpd] httpd session timeout archived-at: Wed, 24 Aug 2016 15:01:52 -0000 ------PCM8C00CG7KYS5HAEBE70T4SSOXJ3L Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable > I am testing it by logging into the website using basic authentication [= =2E=2E=2E] Session you are observing is browser-based, not server-based=2E Your brows= er repeats once learned credentials in every request until it's restarted (= may depend on the browser of course)=2E And server verifies credentials of = every request, there's no session or timeout for HTTP authentication=2E --=20 With Best Regards, Marat Khalili On August 24, 2016 4:53:28 PM GMT+03:00, Roger Paanini wrote: >Chris, I am testing it by logging into the website using basic >authentication and then waiting for the time out duration and try to >access >the page again=2E I am expecting to be challenged for credentials again >when >I tried to access the page after the timeout=2E But I am never challenged >after the timeout - ever after several hours beyond the timeout value=2E > >But I see the following messages in my log file=2E=2E=2E I suspect my ses= sion >modules are not configured correctly? > >[Wed Aug 24 08:41:46=2E851228 2016] [session:warn] [pid 61410:tid >140098663421696] [client x=2Ex=2Ex=2Ex:5675] AH01815: session is enabled = but >no >session modules have been configured, session not loaded: > >I have the following in my httpd=2Econf: > >LoadModule session_module modules/mod_session=2Eso >LoadModule session_cookie_module modules/mod_session_cookie=2Eso >#LoadModule session_dbd_module modules/mod_session_dbd=2Eso >*** > > Session on > SessionMaxAge 1 > AuthType Basic > AuthLDAPBindDN "xxxxx" > AuthLDAPBindPassword "xxxx" > AuthBasicProvider ldap > AuthName "LDAP - login" > AuthLDAPURL "xxxxx" > Require valid-user > Require ldap-group "xxxx" > AuthLDAPRemoteUserAttribute uid > > >Any thoughts on what I am missing? > >Thanks! > > > >On Tue, Aug 23, 2016 at 3:29 PM, Christopher Schultz < >chris@christopherschultz=2Enet> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> Roger, >> >> On 8/23/16 4:26 PM, Roger Paanini wrote: >> > Folks, I have tried to configure httpd with session timeout but it >> > does not seem to work=2E My httpd=2Econf has the following: >> > >> > Session on SessionMaxAge 1 AuthType Basic *** >> > >> > I was trying to put a timeout value of 1 sec just to test=2E This is >> > not working=2E Am I missing something? >> > >> > Thanks for any pointers on this=2E >> >> How are you testing it? What did you expect? What happened if it >> wasn't what you expected? >> >> - -chris >> -----BEGIN PGP SIGNATURE----- >> Comment: GPGTools - http://gpgtools=2Eorg >> Comment: Using GnuPG with Thunderbird - http://www=2Eenigmail=2Enet/ >> >> iQIcBAEBCAAGBQJXvLIwAAoJEBzwKT+lPKRYWnAP/Ax2yBWc8laAbRC3jKTA7TlI >> 3Y5kfIrJi8tiNfzga/PXUWR82b6KmjMbXD5VKlD98YFFJhOjlMF8JSqV1MQIX1Lu >> v9mfjkasfwhapPGtlksecNzJEA2KtSS+sLZfg5m1gPmv9R8sH5A6aFICmwVs87b8 >> DcZK/e/4STGvzGs6hGwQGaSgDDT3H4UFZqrLPCHx/jK85wNDkIZ+rHodzsLXjD9Y >> /St2ER0bCWr090v0s/sKqKP28g7WrXBCiqh/MpCnIJ70B798GEmGI3sXnepFKSWV >> 1IzsK8J8KAufGY24XCgRMXad1TshaftnPiTIGmZ6pPesyq8sc4Rr8FN/Mo7xvR3Z >> eSZYCJd639Ir76MHikCjVhgRzWphh82PN+9wf9hA7snk0yt+uFEsrcxTlURdErbB >> 0XWW7lKSor7R+OksK9HmL3izhEyNymXiOryRy5wBa2emlCajCoczy8XYy9CffkNq >> OM81k343CdbdjLO5Z7AUdTIbnZjx5zGS9r6nVcf5uyg5j70ZuOyE1P6zft94KR4S >> b6R2UMWUJ9aku7tzwP1cSox3DRSnhAI6VPXuwYiJYAZo6+kSTLCs0gW3Jb1q5nWj >> 1IF2lsGvZIqH0yqxZ49rgvYSnkCdp+pp3ZVFHfDED9LBD4B90tRzlQFI4QF0w5YV >> TLNlGhmIB+eqb5dW9LnK >> =3D9Yn+ >> -----END PGP SIGNATURE----- >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@httpd=2Eapache=2Eorg >> For additional commands, e-mail: users-help@httpd=2Eapache=2Eorg >> >> ------PCM8C00CG7KYS5HAEBE70T4SSOXJ3L Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable > I am testing it by logging into the website u= sing basic authentication [=2E=2E=2E]

Session you are observing is browser-based, not server-based=2E Your brows= er repeats once learned credentials in every request until it's restart= ed (may depend on the browser of course)=2E And server verifies credentials= of every request, there's no session or timeout for HTTP authenticatio= n=2E
--

With Best Regards,
Marat Khalili

On August 24, 2016 4:53:28= PM GMT+03:00, Roger Paanini <rogerpaanini@gmail=2Ecom> wrote:
Chris, I am testing it by logging into the website using = basic authentication and then waiting for the time out duration and try to = access the page again=2E I am expecting to be challenged for credentials ag= ain when I tried to access the page after the timeout=2E But I am never cha= llenged after the timeout - ever after several hours beyond the timeout val= ue=2E

But I see the following messages in my log file= =2E=2E=2E I suspect my session modules are not configured correctly?
<= div>
[Wed Aug 24 08:41:= 46=2E851228 2016] [session:warn] [pid 61410:tid 140098663421696] [client x= =2Ex=2Ex=2Ex:5675] AH01815: session is enabled but no session modules have = been configured, session not loaded:=C2=A0

I have the following in my httpd=2Econf:=C2=A0

LoadModule session_module m= odules/mod_session=2Eso
#LoadModule session_dbd_module= modules/mod_session_dbd=2Eso
***
<Location />
= =C2=A0 =C2=A0 =C2=A0 =C2=A0 Session on
=C2=A0 =C2=A0 =C2=A0 =C2=A0 SessionMaxAge 1
=C2=A0 =C2=A0 =C2=A0 =C2=A0 AuthType= Basic
=C2=A0 =C2=A0 = =C2=A0 =C2=A0 AuthLDAPBindDN "xxxxx"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 AuthLDAPBindPassword = "xxxx"
=C2= =A0 =C2=A0 =C2=A0 =C2=A0 AuthBasicProvider ldap
=C2=A0 =C2=A0 =C2=A0 =C2=A0 AuthName "LDAP -= login"
=C2=A0 = =C2=A0 =C2=A0 =C2=A0 AuthLDAPURL "xxxxx"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 Require valid-user=
=C2=A0 =C2=A0 =C2=A0 = =C2=A0 Require ldap-group "xxxx"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 AuthLDAPRemoteUserAttribut= e uid
</Location>= ;

Any thoughts on what I am missing= ?

Thanks!



On Tue, = Aug 23, 2016 at 3:29 PM, Christopher Schultz <chris@christop= herschultz=2Enet> wrote:

On 8/23/16 4:26 PM, Roger Paanini wrote:
> Folks, I have tried to configure httpd with session timeout but it > does not seem to work=2E My httpd=2Econf has the following:
>
> Session on SessionMaxAge 1 AuthType Basic ***
>
> I was trying to put a timeout value of 1 sec just to test=2E This is<= br /> > not working=2E Am I missing something?
>
> Thanks for any pointers on this=2E

How are you testing it? What did you expect? What happened if = it
wasn't what you expected?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools=2Eorg
Comment: Using GnuPG with Thunderbird - http://www=2Eenigmail=2Enet/<= /a>

iQIcBAEBCAAGBQJXvLIwAAoJEBzwKT+lPKRYWnAP/Ax2yBWc8laAbRC3jKTA= 7TlI
3Y5kfIrJi8tiNfzga/PXUWR82b6KmjMbXD5VKlD98YFFJhOjlMF8JSqV1MQI= X1Lu
v9mfjkasfwhapPGtlksecNzJEA2KtSS+sLZfg5m1gPmv9R8sH5A6aFICmwVs= 87b8
DcZK/e/4STGvzGs6hGwQGaSgDDT3H4UFZqrLPCHx/jK85wNDkIZ+rHodzsLX= jD9Y
/St2ER0bCWr090v0s/sKqKP28g7WrXBCiqh/MpCnIJ70B798GEmGI3sXnepF= KSWV
1IzsK8J8KAufGY24XCgRMXad1TshaftnPiTIGmZ6pPesyq8sc4Rr8FN/Mo7x= vR3Z
eSZYCJd639Ir76MHikCjVhgRzWphh82PN+9wf9hA7snk0yt+uFEsrcxTlURd= ErbB
0XWW7lKSor7R+OksK9HmL3izhEyNymXiOryRy5wBa2emlCajCoczy8XYy9Cf= fkNq
OM81k343CdbdjLO5Z7AUdTIbnZjx5zGS9r6nVcf5uyg5j70ZuOyE1P6zft94= KR4S
b6R2UMWUJ9aku7tzwP1cSox3DRSnhAI6VPXuwYiJYAZo6+kSTLCs0gW3Jb1q= 5nWj
1IF2lsGvZIqH0yqxZ49rgvYSnkCdp+pp3ZVFHfDED9LBD4B90tRzlQFI4QF0= w5YV
TLNlGhmIB+eqb5dW9LnK
=3D9Yn+
-----END PGP SIGNATURE-----

------------------------------------------------------------= ---------
To unsubscribe, e-mail: users-unsubscribe@httpd=2Eapache=2Eorg
For additional commands, e-mail: users-help@httpd=2Eapache=2Eorg


------PCM8C00CG7KYS5HAEBE70T4SSOXJ3L--