From 39fbba1eb063040faf2b41549d7f9fe020dc0e9b Mon Sep 17 00:00:00 2001 From: Hank Ibell Date: Thu, 10 Jan 2019 15:52:31 +0000 Subject: [PATCH] Always decode session attributes early. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850947 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 2 ++ modules/session/mod_session.c | 25 ++++++++++++++----------- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/CHANGES b/CHANGES index 032f68ac8df..69e5ec69f4e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_session: Always decode session attributes early. [Hank Ibell] + *) core: Incorrect values for environment variables are substituted when multiple environment variables are specified in a directive. [Hank Ibell] diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c index 10e6396a294..7ee477ce1dd 100644 --- a/modules/session/mod_session.c +++ b/modules/session/mod_session.c @@ -126,20 +126,23 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z) /* found a session that hasn't expired? */ now = apr_time_now(); + if (zz) { - if (zz->expiry && zz->expiry < now) { + /* load the session attibutes */ + rv = ap_run_session_decode(r, zz); + + /* having a session we cannot decode is just as good as having + none at all */ + if (OK != rv) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817) + "error while decoding the session, " + "session not loaded: %s", r->uri); zz = NULL; } - else { - /* having a session we cannot decode is just as good as having - none at all */ - rv = ap_run_session_decode(r, zz); - if (OK != rv) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817) - "error while decoding the session, " - "session not loaded: %s", r->uri); - zz = NULL; - } + + /* invalidate session if session is expired */ + if (zz && zz->expiry && zz->expiry < now) { + zz = NULL; } } -- 2.47.3