src/acl/external/session/ext_session_acl.8

   1 .if !'po4a'hide' .TH ext_session_acl 8 "9 October 2011"
   2 .
   3 .SH NAME
   4 ext_session_acl \- Squid session tracking external acl helper.
   5 .PP
   6 Version 1.2
   7 .
   8 .SH SYNOPSIS
   9 .if !'po4a'hide' .B ext_session_acl
  10 .if !'po4a'hide' .B "[\-t"
  11 timeout
  12 .if !'po4a'hide' .B "] [\-b"
  13 database
  14 .if !'po4a'hide' .B "] [\-a]"
  15 .
  16 .SH DESCRIPTION
  17 .B ext_session_acl
  18 maintains a concept of sessions by monitoring requests
  19 and timing out sessions. The timeout is based either on idle use (
  20 .B \-t
  21 ) or a fixed period of time (
  22 .B \-T
  23 ). The former is suitable for displaying terms and conditions to a user; the
  24 latter is suitable for the display of advertisements or other notices (both as a
  25 splash page \- see config examples in the wiki online). The session helper can also be used
  26 to force users to re\-authenticate if the
  27 .B %LOGIN
  28 and
  29 .B \-a
  30 are both used.
  31 .
  32 .SH OPTIONS
  33 .if !'po4a'hide' .TP 12
  34 .if !'po4a'hide' .B "\-t timeout"
  35 Idle timeout for any session. The default if not specified (set to 3600 seconds).
  36 .
  37 .if !'po4a'hide' .TP
  38 .if !'po4a'hide' .B "\-T timeout"
  39 Fixed timeout for any session. This will end the session after the timeout regardless
  40 of a user's activity. If used with
  41 .B active
  42 mode, this will terminate the user's session after
  43 .B timeout
  44 , after which another
  45 .B LOGIN
  46 will be required.
  47 .B LOGOUT
  48 will reset the session and timeout.
  49 .
  50 .if !'po4a'hide' .TP
  51 .if !'po4a'hide' .B "\-b path"
  52 .B Path
  53 to persistent database. If a file is specified then that single file is
  54 used as the database. If a path is specified, a Berkeley DB database
  55 environment is created within the directory. The advantage of the latter
  56 is better database support between multiple instances of the session
  57 helper. Using multiple instances of the session helper with a single
  58 database file will cause synchronization problems between processes.
  59 If this option is not specified the session details will be kept in
  60 memory only and all sessions will reset each time Squid restarts its
  61 helpers (Squid restart or rotation of logs).
  62 .
  63 .if !'po4a'hide' .TP
  64 .if !'po4a'hide' .B \-a
  65 Active mode. In this mode sessions are started by evaluating an
  66 acl with the argument
  67 .B LOGIN
  68 , or terminated by the argument
  69 .B LOGOUT \.
  70 Without this flag the helper automatically starts the session after
  71 the first request.
  72 .SH CONFIGURATION
  73 .PP
  74 The
  75 .B ext_session_acl
  76 helper is a concurrent helper; therefore, the concurrency= option
  77 .B must
  78 be specified in the configuration.
  79 .PP
  80 Passive session configuration example using the default automatic mode
  81 .if !'po4a'hide' .RS
  82 .if !'po4a'hide' .B external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl
  83 .if !'po4a'hide' .br
  84 .if !'po4a'hide' .B acl session external session
  85 .if !'po4a'hide' .br
  86 .if !'po4a'hide' .B http_access deny !session
  87 .if !'po4a'hide' .br
  88 .if !'po4a'hide' .B deny_info http://your.server.example.com/bannerpage?url=%s session
  89 .if !'po4a'hide' .RE
  90 .PP
  91 Then set up
  92 .B http://your.server.example.com/bannerpage
  93 to display a session startup page and then redirect the user back to the requested URL given in the url query parameter.
  94 .
  95 .SH AUTHOR
  96 This program and documentation was written by
  97 .if !'po4a'hide' .I Henrik Nordstrom <henrik@henriknordstrom.net>
  98 .if !'po4a'hide' .I Andrew Beverley <andy@andybev.com>
  99 .
 100 .SH COPYRIGHT
 101 .PP
 102  * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
 103  *
 104  * Squid software is distributed under GPLv2+ license and includes
 105  * contributions from numerous individuals and organizations.
 106  * Please see the COPYING and CONTRIBUTORS files for details.
 107 .PP
 108 This program and documentation is copyright to the authors named above.
 109 .PP
 110 Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
 111 .
 112 .SH QUESTIONS
 113 Questions on the usage of this program can be sent to the
 114 .I Squid Users mailing list
 115 .if !'po4a'hide' <squid-users@lists.squid-cache.org>
 116 .
 117 .SH REPORTING BUGS
 118 Bug reports need to be made in English.
 119 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
 120 .PP
 121 Report bugs or bug fixes using http://bugs.squid-cache.org/
 122 .PP
 123 Report serious security bugs to
 124 .I Squid Bugs <squid-bugs@lists.squid-cache.org>
 125 .PP
 126 Report ideas for new improvements to the
 127 .I Squid Developers mailing list
 128 .if !'po4a'hide' <squid-dev@lists.squid-cache.org>
 129 .
 130 .SH SEE ALSO
 131 .if !'po4a'hide' .BR squid "(8), "
 132 .if !'po4a'hide' .BR GPL "(7), "
 133 .br
 134 The Squid FAQ wiki
 135 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
 136 .br
 137 The Squid Configuration Manual
 138 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/