-.if !'po4a'hide' .TH ext_session_acl 8 "19 March 2006"
+.if !'po4a'hide' .TH ext_session_acl 8 "19 September 2011"
.
.SH NAME
.if !'po4a'hide' .B ext_session_acl
.if !'po4a'hide' \-
Squid session tracking external acl helper.
.PP
-Version 1.0
+Version 1.1
.
.SH SYNOPSIS
.if !'po4a'hide' .B ext_session_acl
.SH DESCRIPTION
.B ext_session_acl
maintains a concept of sessions by monitoring requests
-and timing out sessions if no requests have been seen for the idle timeout
-timer.
-.PP
-Intended use is for displaying "terms of use" pages, ad popups etc.
+and timing out sessions. The timeout is based either on idle use (
+.B \-t
+) or a fixed period of time (
+.B \-T
+). The former is suitable for displaying terms and conditions to a user; the
+latter is suitable for the display of advertisments or other notices (both as a
+splash page \- see config examples in the wiki online). The session helper can also be used
+to force users to re\-authenticate if the
+.B %LOGIN
+and
+.B \-a
+are both used.
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
.if !'po4a'hide' .B "\-t timeout"
-.B Timeout
-for any session. If not specified the default is 3600 seconds.
+Idle timeout for any session. The default if not specified (set to 3600 seconds).
+.
+.if !'po4a'hide' .TP
+.if !'po4a'hide' .B "\-T timeout"
+Fixed timeout for any session. This will end the session after the timeout regardless
+of a user's activity. If used with
+.B active
+mode, this will terminate the user's session after
+.B timeout
+, after which another
+.B LOGIN
+will be required.
+.B LOGOUT
+will reset the session and timeout.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B "\-b path"
.B Path
to persistent database. If not specified the session details
will be kept in memory only and all sessions will reset each time
-Squid restarts it's helpers (Squid restart or rotation of logs).
+Squid restarts its helpers (Squid restart or rotation of logs).
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B \-a
acl with the argument
.B LOGIN
, or terminated by the argument
-.B LOGOUT
-.PP
+.B LOGOUT .
Without this flag the helper automatically starts the session after
the first request.
-.
.SH CONFIGURATION
.PP
+The
+.B ext_session_acl
+helper is a concurrent helper; therefore, the concurrency= option
+.B must
+be specified in the configuration.
+.PP
Configuration example using the default automatic mode
.if !'po4a'hide' .RS
.if !'po4a'hide' .B external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl
#endif
static int session_ttl = 3600;
+static int fixed_timeout = 0;
char *db_path = NULL;
const char *program_name;
data.data = &now;
data.size = sizeof(now);
db->put(db, &key, &data, 0);
+ db->sync(db, 0);
}
static void session_logout(const char *details, size_t len)
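Review bot: The return values of `db->put()` and the added `db->sync()` are both discarded, so a failed write (full disk, read-only or damaged database file) leaves the session unrecorded with nothing in the log. This record is what later decides whether a user has an active session, so check both calls and report a failure, e.g. `if (db->put(db, &key, &data, 0) != 0 || db->sync(db, 0) != 0) fprintf(stderr, "%s: failed to store session\n", program_name);`. Syncing on every login also means a disk flush per request, so a one-line comment saying this is deliberate would help the next reader. The enclosing function starts outside the hunk, and whether session_logout syncs after its own update is not visible here.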
static void usage(void)
{
- fprintf(stderr, "Usage: %s [-t session_timeout] [-b dbpath] [-a]\n", program_name);
- fprintf(stderr, " -t sessiontimeout Idle timeout after which sessions will be forgotten\n");
+ fprintf(stderr, "Usage: %s [-t|-T session_timeout] [-b dbpath] [-a]\n", program_name);
+ fprintf(stderr, " -t sessiontimeout Idle timeout after which sessions will be forgotten (user activity will reset)\n");
+ fprintf(stderr, " -T sessiontimeout Fixed timeout after which sessions will be forgotten (regardless of user activity)\n");
fprintf(stderr, " -b dbpath Path where persistent session database will be kept\n");
fprintf(stderr, " -a Active mode requiring LOGIN argument to start a session\n");
}
program_name = argv[0];
- while ((opt = getopt(argc, argv, "t:b:a?")) != -1) {
+ while ((opt = getopt(argc, argv, "t:T:b:a?")) != -1) {
switch (opt) {
+ case 'T':
+ fixed_timeout = 1;
case 't':
session_ttl = strtol(optarg, NULL, 0);
break;
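Review bot: `case 'T'` reaches `case 't'` only by falling through, with no marker that this is intended. The shared `strtol(optarg, NULL, 0)` accepts anything: non-numeric text becomes 0, negative values are stored as given, and a value outside int range is narrowed on assignment, so a typo in the helper's command line silently changes when sessions expire. Because both options write `session_ttl`, passing both leaves `fixed_timeout` set with whichever value came last, although usage() presents them as alternatives. The sketch below marks the fallthrough and rejects bad values at startup; it assumes `<errno.h>` and `<limits.h>` are available in the file, and the switch itself continues outside the hunk.

```c
        case 'T':
            fixed_timeout = 1;
            /* FALLTHROUGH: -T and -t share the value parsing below */
        case 't': {
            char *end = NULL;
            errno = 0;
            long ttl = strtol(optarg, &end, 0);
            if (end == optarg || *end != '\0' || errno == ERANGE || ttl <= 0 || ttl > INT_MAX) {
                fprintf(stderr, "%s: invalid session timeout '%s'\n", program_name, optarg);
                usage();
                exit(1);
            }
            session_ttl = (int)ttl;
            break;
        }
```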
while (fgets(request, HELPER_INPUT_BUFFER, stdin)) {
int action = 0;
- const char *user_key = strtok(request, " \n");
+ const char *channel_id = strtok(request, " ");
const char *detail = strtok(NULL, "\n");
+ if (detail == NULL) {
+ // Only 1 paramater supplied. We are expecting at least 2 (including the channel ID)
+ fprintf(stderr, "FATAL: %s is concurrent and requires the concurrency option to be specified.\n", program_name);
+ exit(1);
+ }
const char *lastdetail = strrchr(detail, ' ');
size_t detail_len = strlen(detail);
if (lastdetail) {
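Review bot: The new `detail == NULL` guard turns every single-token or empty line into `exit(1)`, which bypasses the `shutdown_db()` call after the loop (unless it is registered with atexit() elsewhere) and blames the concurrency setting even when the line was simply malformed. Separately, the `fgets()` result is never checked for a trailing newline, so a request longer than HELPER_INPUT_BUFFER would be split and its tail parsed as a fresh request with its own channel ID and session key; whether Squid can emit such a line is not visible here. Consider `shutdown_db();` before `exit(1);`, and rejecting any line where `strchr(request, '\n') == NULL` before tokenising. The loop body continues outside the hunk.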
}
if (action == -1) {
session_logout(detail, detail_len);
- printf("%s OK message=\"Bye\"\n", user_key);
+ printf("%s OK message=\"Bye\"\n", channel_id);
} else if (action == 1) {
session_login(detail, detail_len);
- printf("%s OK message=\"Welcome\"\n", user_key);
+ printf("%s OK message=\"Welcome\"\n", channel_id);
} else if (session_active(detail, detail_len)) {
- session_login(detail, detail_len);
- printf("%s OK\n", user_key);
+ if (fixed_timeout == 0) {
+ session_login(detail, detail_len);
+ }
+ printf("%s OK\n", channel_id);
} else if (default_action == 1) {
session_login(detail, detail_len);
- printf("%s ERR message=\"Welcome\"\n", user_key);
+ printf("%s ERR message=\"Welcome\"\n", channel_id);
} else {
- printf("%s ERR message=\"No session available\"\n", user_key);
+ printf("%s ERR message=\"No session available\"\n", channel_id);
}
}
shutdown_db();
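Review bot: The `fixed_timeout == 0` test is the only place where the two timeout modes differ, and nothing explains why the refresh is skipped; a comment above it such as `/* idle mode: refresh the timestamp on activity; fixed mode keeps the login time so the session ends regardless of use */` would make that explicit. The `action == 1` and `default_action == 1` branches still call `session_login()` unconditionally, so in fixed mode a LOGIN on a live session appears to restart the period; if that is intended it deserves a word in the same comment. How `session_active()` applies `session_ttl` is outside the hunk.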