path: root/modules/session
Commit message | Author | Age | Files | Lines
* mod_session: account for the '&' in identity_concat(). | Yann Ylavic | 2021-03-01 | 1 | -2/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: save one apr_strtok() in session_identity_decode(). | Yann Ylavic | 2021-03-01 | 1 | -1/+1
  When the encoding is invalid (missing '='), no need to parse further.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68
* Improve a message about SessionExpiryUpdateInterval values | Christophe Jaillet | 2020-11-14 | 1 | -1/+1
  PR 64904
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1883414 13f79535-47bb-0310-9956-ffa450edef68
* be less specific and don't echo passphrase | Eric Covener | 2020-04-22 | 1 | -2/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876807 13f79535-47bb-0310-9956-ffa450edef68
* restore/explain new session creation | Eric Covener | 2020-03-02 | 1 | -0/+9
  followup to r1874673. With the included providers for load/save this path should not be taken.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874691 13f79535-47bb-0310-9956-ffa450edef68
* PR56040: add SessionCookieMaxAge On/Off | Eric Covener | 2020-03-02 | 1 | -2/+21
  Allows mod_session cookies to out as "session" cookies.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874675 13f79535-47bb-0310-9956-ffa450edef68
* bubble up an error if none of the passphrases work | Eric Covener | 2020-03-01 | 1 | -0/+2
  previously, the un-decodable z->encoded would get set to NULL but success would be returned
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874674 13f79535-47bb-0310-9956-ffa450edef68
* PR56052: resolve problems with expired sessions | Eric Covener | 2020-03-01 | 1 | -9/+8
  session_load providers cache the session_rec pointer, so hollow them out and reuse them instead of replacing them.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874673 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling errors found by codespell. [skip ci] | Mike Rumph | 2020-02-13 | 1 | -1/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873985 13f79535-47bb-0310-9956-ffa450edef68
* Also avoid adding the Set-Cookie header in both r->headers_out and | Joe Orton | 2019-11-14 | 1 | -2/+2
  r->err_headers_out in ap_cookie_remove and ap_cookie_remove2 functions to avoid duplication in HTTP response. (Follow-up to r1843244)
  Closes #73
  PR: 60910
  Submitted by: Lubos Uhliarik <luhliari redhat.com>
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869785 13f79535-47bb-0310-9956-ffa450edef68
* leave a hint about session expiration at TRACE2 | Eric Covener | 2019-08-25 | 1 | -0/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1865871 13f79535-47bb-0310-9956-ffa450edef68
* After reinstatement of DSO support in APR/APR-util, revert r1837437, | Graham Leggett | 2019-06-23 | 1 | -1/+1
  r1837435, r1834553, r1833598, r1833452, r1833383, r1833368. Undoes the following:
  mod_ssl: OpenSSL now initializes fully through APR, use that.
  mod_ssl: build with LibreSSL. LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master). So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7 compatibility-exceptions are handled explicitly but overall it's simpler. Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions, while the latter has never been (and will never be) defined. So don't call any with LibreSSL.
  Follow up to r1833368: share openssl between modules. Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto can use the same crypto library (e.g. openssl), use the new APR crypto loading API so that they can work together and initialize/terminate the lib either once for all or on demand and reusable by the others.
  Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.
  Make use of the new apr_crypto_rng API if available.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861947 13f79535-47bb-0310-9956-ffa450edef68
* Always decode session attributes early. | Hank Ibell | 2019-01-10 | 1 | -11/+14
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850947 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_cookie: avoid adding the Set-Cookie header | Luca Toscano | 2018-10-09 | 1 | -2/+2
  in both r->headers_out and r->err_headers_out to avoid duplication.
  In session_cookie_save it seems that ap_cookie_write is called with r->headers_out and r->err_headers_out, ending up in the same Set-Cookie header on both tables and eventually duplicated in the HTTP response.
  I took Emmanuel's patch and trimmed out the bits that remove the header only from r->err_headers_out (leaving it to do the work on both tables) as attempt to change this bit of code in the most conservative way as possible.
  Sending a commit for a broader review.
  PR: 60910,56098,55278
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843244 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1833368: share openssl between modules. | Yann Ylavic | 2018-06-13 | 1 | -1/+1
  Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto can use the same crypto library (e.g. openssl), use the new APR crypto loading API so that they can work together and initialize/terminate the lib either once for all or on demand and reusable by the others.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833452 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: Strip Session header when SessionEnv is on. | Yann Ylavic | 2018-02-16 | 1 | -5/+8
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824390 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1772812: update APLOGNO(). | Yann Ylavic | 2017-02-20 | 1 | -2/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1783764 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) | Yann Ylavic | 2016-12-06 | 1 | -36/+192
  to prevent deciphering or tampering with a padding oracle attack.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772812 13f79535-47bb-0310-9956-ffa450edef68
* Remove unnecessary apr_table_do() function casts | Jacob Champion | 2016-11-10 | 1 | -7/+6
  Function casts can cause hard-to-debug corruption issues if a declaration is accidentally changed to be incompatible. Luckily, most of the function casts for apr_table_do() calls are unnecessary. Remove them, and adjust the signatures for helpers that weren't taking void* as the first argument.
  The remaining helper that requires a cast is http_filter.c's form_header_field(), which is probably where many of these casts were copy-pasted from. I have left it as-is: it has other direct callers besides apr_table_do(), and it's already documented with warnings not to change the function signature.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769192 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: Introduce SessionExpiryUpdateInterval which allows to | Yann Ylavic | 2015-10-17 | 4 | -7/+44
  configure the session/cookie expiry's update interval. PR 57300.
  Submitted by: Paul Spangler <paul.spangler ni.com>
  Reviewed/Committed by: ylavic
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1709121 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_dbd: follow up to r1687021. | Yann Ylavic | 2015-06-23 | 1 | -6/+5
  Move the new pool argument of dbd_load() first as the other functions in the module (no functional change).
  Suggested by: mrumph
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1687087 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_dbd: follow up to r1686122. | Yann Ylavic | 2015-06-23 | 1 | -4/+7
  DBD entries should also have request lifetime.
  Proposed by: Jacob Champion <jacob.champion ni.com>
  Reviewed by: ylavic
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1687021 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_dbd: Request Notes should have request lifetime. | Nick Kew | 2015-06-18 | 1 | -3/+3
  Patch by Jacob Champion at ni.com
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1686122 13f79535-47bb-0310-9956-ffa450edef68
* mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime | Yann Ylavic | 2015-05-13 | 1 | -1/+2
  of DB lookup entries independently of the selected DB engine. PR 46421.
  Suggested by: Michel Stam <michel reverze net>
  Proposed by: Steven whitson <steven.whitson gmail com>
  Reviewed/Extended/Committed by: ylavic
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1679181 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: When we have a session we were unable to decode, behave as if ↵ | Graham Leggett | 2014-01-24 | 1 | -12/+18
  there was no session at all.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1560977 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: Fix problems interpreting the SessionInclude and | Jeff Trawick | 2014-01-20 | 1 | -3/+3
  SessionExclude configuration.
  PR: 56038
  Submitted by: Erik Pearson <erik adaptations.com>
  Reviewed by: trawick
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1559828 13f79535-47bb-0310-9956-ffa450edef68
* Remove redundant check (already performed the line before) | Christophe Jaillet | 2013-12-15 | 1 | -1/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1551012 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_crypto: Make sure we try to initialise twice, so we don't | Graham Leggett | 2013-12-12 | 1 | -7/+0
  succeed in configtest but fail on restart.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1550312 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: Reset the max-age on session save. PR 47476. | Graham Leggett | 2013-10-13 | 1 | -3/+10
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531683 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: After parsing the value of the header specified by the | Graham Leggett | 2013-10-13 | 1 | -0/+2
  SessionHeader directive, remove the value from the response. PR 55279.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1531679 13f79535-47bb-0310-9956-ffa450edef68
* Add exec: callout support for mod_session_crypto | Daniel Ruggeri | 2013-09-17 | 1 | -1/+31
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1524079 13f79535-47bb-0310-9956-ffa450edef68
* CVE-2013-2249 | Graham Leggett | 2013-05-31 | 3 | -38/+48
  mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1488158 13f79535-47bb-0310-9956-ffa450edef68
* Kill some NetWare build warnings. | Guenter Knauf | 2013-05-10 | 1 | -1/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1481040 13f79535-47bb-0310-9956-ffa450edef68
* Use %pm available since apr 1.3 instead of an extra call to apr_strerror | Stefan Fritsch | 2013-03-31 | 1 | -3/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1463056 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_crypto: Protect ourselves against underlying libraries who | Graham Leggett | 2012-12-08 | 1 | -1/+1
  fail to load without providing an error message of their own.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418655 13f79535-47bb-0310-9956-ffa450edef68
* Axed C++ comments. | Guenter Knauf | 2012-11-14 | 1 | -2/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1409170 13f79535-47bb-0310-9956-ffa450edef68
* formatting: space vs tab | Christophe Jaillet | 2012-11-13 | 1 | -4/+4
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1408961 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_dbd: fix a segmentation fault in the function dbd_remove. | Christophe Jaillet | 2012-11-13 | 1 | -16/+8
  The segmentation fault is caused by an uninitialized function pointer session_dbd_acquire_fn.
  PR 53452
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1408958 13f79535-47bb-0310-9956-ffa450edef68
* s/;;/;/ | Christophe Jaillet | 2012-10-12 | 1 | -1/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1397636 13f79535-47bb-0310-9956-ffa450edef68
* Various code clean up | Stefan Fritsch | 2012-07-15 | 1 | -1/+1
  Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
  PR: 52893
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1361801 13f79535-47bb-0310-9956-ffa450edef68
* Your APR does not include SSL/EVP support. Yes, but how do I enable it? ↵ | Igor Galić | 2012-04-11 | 1 | -1/+1
  --with-crypto
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1324760 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: Sessions are encoded as application/x-www-form-urlencoded ↵ | Graham Leggett | 2012-02-25 | 1 | -3/+3
  strings, however we do not handle the encoding of spaces properly. Fixed.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1293658 13f79535-47bb-0310-9956-ffa450edef68
* Make APACHE_MODULE() accept an optional prerequisite module for configure. | Stefan Fritsch | 2012-01-20 | 1 | -3/+3
  Introduce the following configure time dependencies:
  mod_proxy_* (except proxy_html) require mod_proxy
  mod_dav_* require mod_dav
  mod_session_* require mod_session
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1234180 13f79535-47bb-0310-9956-ffa450edef68
* Add lots of unique tags to error log messages | Stefan Fritsch | 2011-12-03 | 3 | -52/+52
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209766 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_dbd: Use apr_status_t as a return code across the mod_session API. | Graham Leggett | 2011-12-02 | 1 | -2/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209618 13f79535-47bb-0310-9956-ffa450edef68
* mod_session: Use apr_status_t as a return code across the mod_session API, | Graham Leggett | 2011-12-02 | 4 | -44/+61
  clarify where we ignore errors and why.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209603 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_crypto: Fix a pool lifetime problem when reading from | Graham Leggett | 2011-12-02 | 1 | -1/+1
  SessionCryptoPassphraseFile.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209461 13f79535-47bb-0310-9956-ffa450edef68
* Remove some more now redundant log prefixes | Stefan Fritsch | 2011-11-30 | 4 | -56/+52
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1208816 13f79535-47bb-0310-9956-ffa450edef68
* mod_session_crypto: Add a SessionCryptoPassphraseFile directive so that the | Graham Leggett | 2011-11-30 | 1 | -0/+34
  administrator can hide the keys from the configuration.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1208517 13f79535-47bb-0310-9956-ffa450edef68
* Remove unused variables. | Graham Leggett | 2011-11-25 | 1 | -3/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1206338 13f79535-47bb-0310-9956-ffa450edef68