mod_session.c

leave a hint about session expiration at TRACE2

Always decode session attributes early.
  1. … 1 more file in changeset.
mod_session: Strip Session header when SessionEnv is on.

  1. … 1 more file in changeset.
Remove unnecessary apr_table_do() function casts

Function casts can cause hard-to-debug corruption issues if a declaration is accidentally changed to be incompatible. Luckily, most of the function casts for apr_table_do() calls are unnecessary. Remove them, and adjust the signatures for helpers that weren't taking void* as the first argument.

The remaining helper that requires a cast is http_filter.c's form_header_field(), which is probably where many of these casts were copy-pasted from. I have left it as-is: it has other direct callers besides apr_table_do(), and it's already documented with warnings not to change the function signature.

  1. … 4 more files in changeset.
mod_session: Introduce SessionExpiryUpdateInterval which allows to configure the session/cookie expiry's update interval. PR 57300.

Submitted by: Paul Spangler <paul.spangler ni.com>

Reviewed/Committed by: ylavic

  1. … 5 more files in changeset.
mod_session: When we have a session we were unable to decode, behave as if there was no session at all.

  1. … 1 more file in changeset.
mod_session: Fix problems interpreting the SessionInclude and SessionExclude configuration.

PR: 56038

Submitted by: Erik Pearson <erik adaptations.com>

Reviewed by: trawick

  1. … 1 more file in changeset.
mod_session: Reset the max-age on session save. PR 47476.

  1. … 1 more file in changeset.
mod_session: After parsing the value of the header specified by the SessionHeader directive, remove the value from the response. PR 55279.

  1. … 1 more file in changeset.
CVE-2013-2249

mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes.

  1. … 3 more files in changeset.
s/;;/;/
  1. … 4 more files in changeset.
Various code clean up

Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>

PR: 52893

  1. … 8 more files in changeset.
mod_session: Sessions are encoded as application/x-www-form-urlencoded strings, however we do not handle the encoding of spaces properly. Fixed.

Add lots of unique tags to error log messages

  1. … 172 more files in changeset.
mod_session: Use apr_status_t as a return code across the mod_session API, clarify where we ignore errors and why.

  1. … 4 more files in changeset.
Remove some more now redundant log prefixes

  1. … 4 more files in changeset.
Code cleanup: replace apr_table_set with non-copying apr_table_setn in a few places

Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>

  1. … 2 more files in changeset.
Note for future dev....

CVE-2010-1452: Fix handling of missing path segments in the parsed URI structure.

If a specially crafted request was sent, it is possible to crash mod_dav, mod_cache or mod_session, as they accessed a field that is set to NULL by the URI parser, assuming that it always put in a valid string.

PR: 49246

Submitted by: Mark Drayton

Patch by: Jeff Trawick

  1. … 4 more files in changeset.
Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

  1. … 169 more files in changeset.
mod_session: Session expiry was being initialised, but not updated on each session save, resulting in timed out sessions when there should not have been. Fixed.

  1. … 1 more file in changeset.
mod_session.c: Prevent a segfault when session is added but not configured.

  1. … 1 more file in changeset.
Remove stray trailing whitespace from mod_session.c.

* Prevent a segfault when a CGI script sets a cookie with a null value.

Submitted by: David Shane Holden <dpejesh apache.org>

Reviewed by: rpluem

  1. … 1 more file in changeset.
You don't export the local registered functions when using optional fn's and hooks.

  1. … 1 more file in changeset.
mod_session has a different scope than the core. Replace the nonsense (see modules such as mod_dav, mod_cache etc for similar examples).

  1. … 1 more file in changeset.
Be defensive to ensure no segfault should the session entries table not be initialised.

Change the directives within the mod_session* modules to be valid both inside and outside the location/directory sections, as suggested by wrowe.

  1. … 7 more files in changeset.
Insert prototypes to remove compiler warnings. [Joe Orton]

  1. … 3 more files in changeset.
* Fix eol-style property.

Changes to mod_session.c only fix line endings again. No functional changes.

  1. … 6 more files in changeset.