Blame SOURCES/httpd-2.4.37-session-expiry-updt-int.patch

fa34f0
diff --git a/docs/manual/mod/mod_session.html.en b/docs/manual/mod/mod_session.html.en
fa34f0
index 6834f8e..9f8301f 100644
fa34f0
--- a/docs/manual/mod/mod_session.html.en
fa34f0
+++ b/docs/manual/mod/mod_session.html.en
fa34f0
@@ -82,6 +82,7 @@
fa34f0
 
  • SessionHeader
  • fa34f0
     
  • SessionInclude
  • fa34f0
     
  • SessionMaxAge
  • fa34f0
    +
  • SessionExpiryUpdateInterval
  • fa34f0
     
    fa34f0
     

    Bugfix checklist

    See also

    fa34f0
     
      fa34f0
      @@ -482,6 +483,37 @@ AuthName realm
      fa34f0
       
      fa34f0
           

      Setting the maxage to zero disables session expiry.

      fa34f0
       
      fa34f0
      +
      fa34f0
      +
      top
      fa34f0
      +
      fa34f0
      +
      fa34f0
      +Description:Define the number of seconds a session's expiry may change without the session being updated
      fa34f0
      +Syntax:SessionExpiryUpdateInterval interval
      fa34f0
      +Default:SessionExpiryUpdateInterval 0 (always update)
      fa34f0
      +Context:server config, virtual host, directory, .htaccess
      fa34f0
      +Module:mod_session
      fa34f0
      +
      fa34f0
      +    

      The SessionExpiryUpdateInterval directive allows

      fa34f0
      +    sessions to avoid the cost associated with writing the session each request
      fa34f0
      +    when only the expiry time has changed. This can be used to make a website
      fa34f0
      +    more efficient or reduce load on a database when using
      fa34f0
      +    <module>mod_session_dbd</module>. The session is always written if the data
      fa34f0
      +    stored in the session has changed or the expiry has changed by more than the
      fa34f0
      +    configured interval.

      fa34f0
      +
      fa34f0
      +    

      Setting the interval to zero disables this directive, and the session

      fa34f0
      +    expiry is refreshed for each request.

      fa34f0
      +
      fa34f0
      +    

      This directive only has an effect when combined with SessionMaxAge to enable session

      fa34f0
      +    expiry. Sessions without an expiry are only written when the data stored in
      fa34f0
      +    the session has changed.

      fa34f0
      +
      fa34f0
      +    

      Warning

      fa34f0
      +    

      Because the session expiry may not be refreshed with each request, it's

      fa34f0
      +    possible for sessions to expire up to interval seconds early.
      fa34f0
      +    Using a small interval usually provides sufficient savings while having a
      fa34f0
      +    minimal effect on expiry resolution.

      fa34f0
      +
      fa34f0
       
      fa34f0
       
      fa34f0
       
      fa34f0
      diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
      fa34f0
      index d517020..10e6396 100644
      fa34f0
      --- a/modules/session/mod_session.c
      fa34f0
      +++ b/modules/session/mod_session.c
      fa34f0
      @@ -177,6 +177,7 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z)
      fa34f0
       {
      fa34f0
           if (z) {
      fa34f0
               apr_time_t now = apr_time_now();
      fa34f0
      +        apr_time_t initialExpiry = z->expiry;
      fa34f0
               int rv = 0;
      fa34f0
       
      fa34f0
               session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
      fa34f0
      @@ -207,6 +208,17 @@ static apr_status_t ap_session_save(request_rec * r, session_rec * z)
      fa34f0
                   z->expiry = now + z->maxage * APR_USEC_PER_SEC;
      fa34f0
               } 
      fa34f0
       
      fa34f0
      +        /* don't save if the only change is the expiry by a small amount */
      fa34f0
      +        if (!z->dirty && dconf->expiry_update_time
      fa34f0
      +                && (z->expiry - initialExpiry < dconf->expiry_update_time)) {
      fa34f0
      +            return APR_SUCCESS;
      fa34f0
      +        }
      fa34f0
      +
      fa34f0
      +        /* also don't save sessions that didn't change at all */
      fa34f0
      +        if (!z->dirty && !z->maxage) {
      fa34f0
      +            return APR_SUCCESS;
      fa34f0
      +        }
      fa34f0
      +
      fa34f0
               /* encode the session */
      fa34f0
               rv = ap_run_session_encode(r, z);
      fa34f0
               if (OK != rv) {
      fa34f0
      @@ -553,6 +565,10 @@ static void *merge_session_dir_config(apr_pool_t * p, void *basev, void *addv)
      fa34f0
           new->env_set = add->env_set || base->env_set;
      fa34f0
           new->includes = apr_array_append(p, base->includes, add->includes);
      fa34f0
           new->excludes = apr_array_append(p, base->excludes, add->excludes);
      fa34f0
      +    new->expiry_update_time = (add->expiry_update_set == 0)
      fa34f0
      +                                ? base->expiry_update_time
      fa34f0
      +                                : add->expiry_update_time;
      fa34f0
      +    new->expiry_update_set = add->expiry_update_set || base->expiry_update_set;
      fa34f0
       
      fa34f0
           return new;
      fa34f0
       }
      fa34f0
      @@ -622,6 +638,21 @@ static const char *add_session_exclude(cmd_parms * cmd, void *dconf, const char
      fa34f0
           return NULL;
      fa34f0
       }
      fa34f0
       
      fa34f0
      +static const char *
      fa34f0
      +     set_session_expiry_update(cmd_parms * parms, void *dconf, const char *arg)
      fa34f0
      +{
      fa34f0
      +    session_dir_conf *conf = dconf;
      fa34f0
      +
      fa34f0
      +    conf->expiry_update_time = atoi(arg);
      fa34f0
      +    if (conf->expiry_update_time < 0) {
      fa34f0
      +        return "SessionExpiryUpdateInterval must be positive or nul";
      fa34f0
      +    }
      fa34f0
      +    conf->expiry_update_time = apr_time_from_sec(conf->expiry_update_time);
      fa34f0
      +    conf->expiry_update_set = 1;
      fa34f0
      +
      fa34f0
      +    return NULL;
      fa34f0
      +}
      fa34f0
      +
      fa34f0
       
      fa34f0
       static const command_rec session_cmds[] =
      fa34f0
       {
      fa34f0
      @@ -637,6 +668,9 @@ static const command_rec session_cmds[] =
      fa34f0
                         "URL prefixes to include in the session. Defaults to all URLs"),
      fa34f0
           AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF|OR_AUTHCFG,
      fa34f0
                         "URL prefixes to exclude from the session. Defaults to no URLs"),
      fa34f0
      +    AP_INIT_TAKE1("SessionExpiryUpdateInterval", set_session_expiry_update, NULL, RSRC_CONF|OR_AUTHCFG,
      fa34f0
      +                  "time interval for which a session's expiry time may change "
      fa34f0
      +                  "without having to be rewritten. Zero to disable"),
      fa34f0
           {NULL}
      fa34f0
       };
      fa34f0
       
      fa34f0
      diff --git a/modules/session/mod_session.h b/modules/session/mod_session.h
      fa34f0
      index a6dd5e9..bdeb532 100644
      fa34f0
      --- a/modules/session/mod_session.h
      fa34f0
      +++ b/modules/session/mod_session.h
      fa34f0
      @@ -115,6 +115,9 @@ typedef struct {
      fa34f0
                                          * URLs included if empty */
      fa34f0
           apr_array_header_t *excludes; /* URL prefixes to be excluded. No
      fa34f0
                                          * URLs excluded if empty */
      fa34f0
      +    apr_time_t expiry_update_time; /* seconds the session expiry may change and
      fa34f0
      +                                    * not have to be rewritten */
      fa34f0
      +    int expiry_update_set;
      fa34f0
       } session_dir_conf;
      fa34f0
       
      fa34f0
       /**
      fa34f0
      diff --git a/modules/session/mod_session_cookie.c b/modules/session/mod_session_cookie.c
      fa34f0
      index 6a02322..4aa75e4 100644
      fa34f0
      --- a/modules/session/mod_session_cookie.c
      fa34f0
      +++ b/modules/session/mod_session_cookie.c
      fa34f0
      @@ -60,9 +60,6 @@ static apr_status_t session_cookie_save(request_rec * r, session_rec * z)
      fa34f0
           session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config,
      fa34f0
                                                           &session_cookie_module);
      fa34f0
       
      fa34f0
      -    /* don't cache auth protected pages */
      fa34f0
      -    apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
      fa34f0
      -
      fa34f0
           /* create RFC2109 compliant cookie */
      fa34f0
           if (conf->name_set) {
      fa34f0
               if (z->encoded && z->encoded[0]) {
      fa34f0
      @@ -162,6 +159,9 @@ static apr_status_t session_cookie_load(request_rec * r, session_rec ** z)
      fa34f0
           /* put the session in the notes so we don't have to parse it again */
      fa34f0
           apr_table_setn(m->notes, note, (char *)zz);
      fa34f0
       
      fa34f0
      +    /* don't cache auth protected pages */
      fa34f0
      +    apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
      fa34f0
      +
      fa34f0
           return OK;
      fa34f0
       
      fa34f0
       }
      fa34f0
      diff --git a/modules/session/mod_session_dbd.c b/modules/session/mod_session_dbd.c
      fa34f0
      index 0be7306..f683da2 100644
      fa34f0
      --- a/modules/session/mod_session_dbd.c
      fa34f0
      +++ b/modules/session/mod_session_dbd.c
      fa34f0
      @@ -245,6 +245,9 @@ static apr_status_t session_dbd_load(request_rec * r, session_rec ** z)
      fa34f0
           /* put the session in the notes so we don't have to parse it again */
      fa34f0
           apr_table_setn(m->notes, note, (char *)zz);
      fa34f0
       
      fa34f0
      +    /* don't cache pages with a session */
      fa34f0
      +    apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
      fa34f0
      +
      fa34f0
           return OK;
      fa34f0
       
      fa34f0
       }
      fa34f0
      @@ -409,9 +412,6 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z)
      fa34f0
           if (conf->name_set || conf->name2_set) {
      fa34f0
               char *oldkey = NULL, *newkey = NULL;
      fa34f0
       
      fa34f0
      -        /* don't cache pages with a session */
      fa34f0
      -        apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
      fa34f0
      -
      fa34f0
               /* if the session is new or changed, make a new session ID */
      fa34f0
               if (z->uuid) {
      fa34f0
                   oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);
      fa34f0
      @@ -458,7 +458,7 @@ static apr_status_t session_dbd_save(request_rec * r, session_rec * z)
      fa34f0
           else if (conf->peruser) {
      fa34f0
       
      fa34f0
               /* don't cache pages with a session */
      fa34f0
      -        apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
      fa34f0
      +        apr_table_addn(r->headers_out, "Cache-Control", "no-cache, private");
      fa34f0
       
      fa34f0
               if (r->user) {
      fa34f0
                   ret = dbd_save(r, r->user, r->user, z->encoded, z->expiry);