Attachment #33017 for bug #57300

View | Details | Raw Unified | Return to bug 57300
Collapse All | Expand All

Lines 592-597 Link Here

(-)docs/manual/mod/directives.html.en (+1 lines)
592	<li><a href="mod_session_dbd.html#sessiondbdupdatelabel">SessionDBDUpdateLabel</a></li>	592	<li><a href="mod_session_dbd.html#sessiondbdupdatelabel">SessionDBDUpdateLabel</a></li>
593	<li><a href="mod_session.html#sessionenv">SessionEnv</a></li>	593	<li><a href="mod_session.html#sessionenv">SessionEnv</a></li>
594	<li><a href="mod_session.html#sessionexclude">SessionExclude</a></li>	594	<li><a href="mod_session.html#sessionexclude">SessionExclude</a></li>
		595	<li><a href="mod_session.html#sessionexpiryupdateinterval">SessionExpiryUpdateInterval</a></li>
595	<li><a href="mod_session.html#sessionheader">SessionHeader</a></li>	596	<li><a href="mod_session.html#sessionheader">SessionHeader</a></li>
596	<li><a href="mod_session.html#sessioninclude">SessionInclude</a></li>	597	<li><a href="mod_session.html#sessioninclude">SessionInclude</a></li>
597	<li><a href="mod_session.html#sessionmaxage">SessionMaxAge</a></li>	598	<li><a href="mod_session.html#sessionmaxage">SessionMaxAge</a></li>




</usage>
</directivesynopsis>

<directivesynopsis>
<name>SessionExpiryUpdateInterval</name>
<description>Define the number of seconds a session's expiry may change without
being written</description>
<syntax>SessionExpiryUpdateInterval <var>interval</var></syntax>
<default>SessionExpiryUpdateInterval 0</default>
<contextlist><context>server config</context>
<context>virtual host</context>
<context>directory</context>
<context>.htaccess</context>
</contextlist>

<usage>
    <p>The <directive>SessionExpiryUpdateInterval</directive> directive allows
    sessions to avoid the cost associated with writing the session each request
    when only the expiry time has changed. This can be used to make a website
    more efficient or reduce load on a database when using
    <module>mod_session_dbd</module>. The session is always written if the data
    stored in the session has changed or the expiry has changed by more than the
    configured interval.</p>

    <p>Setting the interval to zero disables this directive, and the session
    expiry is refreshed each request.</p>

    <p>This directive only has an effect when combined with
    <directive module="mod_session">SessionMaxAge</directive> to enable session
    expiry. Sessions without an expiry are only written when the data stored in
    the session has changed.</p>

    <note type="warning"><title>Warning</title>
    <p>Because the session expiry may not be refreshed with each request, it's
    possible for sessions to expire up to <var>interval</var> seconds early.
    Using a small interval usually provides sufficient savings while having a
    minimal effect on expiry resolution.</p></note>
</usage>
</directivesynopsis>

</modulesynopsis>




<li><img alt="" src="../images/down.gif" /> <a href="#session">Session</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sessionenv">SessionEnv</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sessionexclude">SessionExclude</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sessionexpiryupdateinterval">SessionExpiryUpdateInterval</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sessionheader">SessionHeader</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sessioninclude">SessionInclude</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#sessionmaxage">SessionMaxAge</a></li>


</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SessionExpiryUpdateInterval" id="SessionExpiryUpdateInterval">SessionExpiryUpdateInterval</a> <a name="sessionexpiryupdateinterval" id="sessionexpiryupdateinterval">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define the number of seconds a session's expiry may change without
being written</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionExpiryUpdateInterval <var>interval</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SessionExpiryUpdateInterval 0</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session</td></tr>
</table>
    <p>The <code class="directive">SessionExpiryUpdateInterval</code> directive allows
    sessions to avoid the cost associated with writing the session each request
    when only the expiry time has changed. This can be used to make a website
    more efficient or reduce load on a database when using
    <code class="module"><a href="../mod/mod_session_dbd.html">mod_session_dbd</a></code>. The session is always written if the data
    stored in the session has changed or the expiry has changed by more than the
    configured interval.</p>

    <p>Setting the interval to zero disables this directive, and the session
    expiry is refreshed each request.</p>

    <p>This directive only has an effect when combined with
    <code class="directive"><a href="#sessionmaxage">SessionMaxAge</a></code> to enable session
    expiry. Sessions without an expiry are only written when the data stored in
    the session has changed.</p>

    <div class="warning"><h3>Warning</h3>
    <p>Because the session expiry may not be refreshed with each request, it's
    possible for sessions to expire up to <var>interval</var> seconds early.
    Using a small interval usually provides sufficient savings while having a
    minimal effect on expiry resolution.</p></div>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="SessionHeader" id="SessionHeader">SessionHeader</a> <a name="sessionheader" id="sessionheader">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Import session updates from a given HTTP response header</td></tr>




{
    if (z) {
        apr_time_t now = apr_time_now();
        apr_time_t initialExpiry = z->expiry;
        int rv = 0;

        session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,

            z->expiry = now + z->maxage * APR_USEC_PER_SEC;
        } 

        /* don't save if the only change is the expiry by a small amount */
        if (!z->dirty && dconf->expiry_update_time
            && (z->expiry - initialExpiry
                < dconf->expiry_update_time * APR_USEC_PER_SEC)) {
            return APR_SUCCESS;
        }

        /* also don't save sessions that didn't change at all */
        if (!z->dirty && !z->maxage) {
            return APR_SUCCESS;
        }

        /* encode the session */
        rv = ap_run_session_encode(r, z);
        if (OK != rv) {

    new->env_set = add->env_set || base->env_set;
    new->includes = apr_array_append(p, base->includes, add->includes);
    new->excludes = apr_array_append(p, base->excludes, add->excludes);
    new->expiry_update_time = (add->expiry_update_set == 0) ?
        base->expiry_update_time : add->expiry_update_time;
    new->expiry_update_set = add->expiry_update_set || base->expiry_update_set;

    return new;
}

    return NULL;
}

static const char *
     set_session_expiry_update(cmd_parms * parms, void *dconf, const char *arg)
{
    session_dir_conf *conf = dconf;

    conf->expiry_update_time = atol(arg);
    conf->expiry_update_set = 1;

    return NULL;
}


static const command_rec session_cmds[] =
{
    AP_INIT_FLAG("Session", set_session_enable, NULL, RSRC_CONF|OR_AUTHCFG,

                  "URL prefixes to include in the session. Defaults to all URLs"),
    AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF|OR_AUTHCFG,
                  "URL prefixes to exclude from the session. Defaults to no URLs"),
    AP_INIT_TAKE1("SessionExpiryUpdateInterval", set_session_expiry_update, NULL, RSRC_CONF|OR_AUTHCFG,
                  "length of time for which a session's expiry time may change without having to be rewritten. Zero to disable"),
    {NULL}
};


Lines 115-120 Link Here

(-)modules/session/mod_session.h (+3 lines)
115	* URLs included if empty */	115	* URLs included if empty */
116	apr_array_header_t excludes; / URL prefixes to be excluded. No	116	apr_array_header_t excludes; / URL prefixes to be excluded. No
117	* URLs excluded if empty */	117	* URLs excluded if empty */
		118	long expiry_update_time; /* seconds the session expiry may change and
		119	* not have to be rewritten */
		120	int expiry_update_set;
118	} session_dir_conf;	121	} session_dir_conf;
119		122
120	/**	123	/**

Lines 245-250 Link Here

(-)modules/session/mod_session_dbd.c (-3 / +3 lines)
245	/* put the session in the notes so we don't have to parse it again */	245	/* put the session in the notes so we don't have to parse it again */
246	apr_table_setn(m->notes, note, (char *)zz);	246	apr_table_setn(m->notes, note, (char *)zz);
247		247
		248	/* don't cache pages with a session */
		249	apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
		250
248	return OK;	251	return OK;
249		252
250	}	253	}
Lines 409-417 Link Here
409	if (conf->name_set \|\| conf->name2_set) {	412	if (conf->name_set \|\| conf->name2_set) {
410	char oldkey = NULL, newkey = NULL;	413	char oldkey = NULL, newkey = NULL;
411		414
412	/* don't cache pages with a session */
413	apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
414
415	/* if the session is new or changed, make a new session ID */	415	/* if the session is new or changed, make a new session ID */
416	if (z->uuid) {	416	if (z->uuid) {
417	oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);	417	oldkey = apr_pcalloc(r->pool, APR_UUID_FORMATTED_LENGTH + 1);




    session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config,
                                                    &session_cookie_module);

    /* don't cache auth protected pages */
    apr_table_addn(r->headers_out, "Cache-Control", "no-cache");

    /* create RFC2109 compliant cookie */
    if (conf->name_set) {
        if (z->encoded && z->encoded[0]) {

    /* put the session in the notes so we don't have to parse it again */
    apr_table_setn(m->notes, note, (char *)zz);

    /* don't cache auth protected pages */
    apr_table_addn(r->headers_out, "Cache-Control", "no-cache");

    return OK;

}

Return to bug 57300

Lines 487-490 Link Here

(-)docs/manual/mod/mod_session.xml (+37 lines)
487	</usage>	487	</usage>
488	</directivesynopsis>	488	</directivesynopsis>
489		489
		490	<directivesynopsis>
		491	<name>SessionExpiryUpdateInterval</name>
		492	<description>Define the number of seconds a session's expiry may change without
		493	being written</description>
		494	<syntax>SessionExpiryUpdateInterval <var>interval</var></syntax>
		495	<default>SessionExpiryUpdateInterval 0</default>
		496	<contextlist><context>server config</context>
		497	<context>virtual host</context>
		498	<context>directory</context>
		499	<context>.htaccess</context>
		500	</contextlist>
		501
		502	<usage>
		503	<p>The <directive>SessionExpiryUpdateInterval</directive> directive allows
		504	sessions to avoid the cost associated with writing the session each request
		505	when only the expiry time has changed. This can be used to make a website
		506	more efficient or reduce load on a database when using
		507	<module>mod_session_dbd</module>. The session is always written if the data
		508	stored in the session has changed or the expiry has changed by more than the
		509	configured interval.</p>
		510
		511	<p>Setting the interval to zero disables this directive, and the session
		512	expiry is refreshed each request.</p>
		513
		514	<p>This directive only has an effect when combined with
		515	<directive module="mod_session">SessionMaxAge</directive> to enable session
		516	expiry. Sessions without an expiry are only written when the data stored in
		517	the session has changed.</p>
		518
		519	<note type="warning"><title>Warning</title>
		520	<p>Because the session expiry may not be refreshed with each request, it's
		521	possible for sessions to expire up to <var>interval</var> seconds early.
		522	Using a small interval usually provides sufficient savings while having a
		523	minimal effect on expiry resolution.</p></note>
		524	</usage>
		525	</directivesynopsis>
		526
490	</modulesynopsis>	527	</modulesynopsis>

Lines 177-182 Link Here

(-)modules/session/mod_session.c (+29 lines)
177	{	177	{
178	if (z) {	178	if (z) {
179	apr_time_t now = apr_time_now();	179	apr_time_t now = apr_time_now();
		180	apr_time_t initialExpiry = z->expiry;
180	int rv = 0;	181	int rv = 0;
181		182
182	session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,	183	session_dir_conf *dconf = ap_get_module_config(r->per_dir_config,
Lines 207-212 Link Here
207	z->expiry = now + z->maxage * APR_USEC_PER_SEC;	208	z->expiry = now + z->maxage * APR_USEC_PER_SEC;
208	}	209	}
209		210
		211	/* don't save if the only change is the expiry by a small amount */
		212	if (!z->dirty && dconf->expiry_update_time
		213	&& (z->expiry - initialExpiry
		214	< dconf->expiry_update_time * APR_USEC_PER_SEC)) {
		215	return APR_SUCCESS;
		216	}
		217
		218	/* also don't save sessions that didn't change at all */
		219	if (!z->dirty && !z->maxage) {
		220	return APR_SUCCESS;
		221	}
		222
210	/* encode the session */	223	/* encode the session */
211	rv = ap_run_session_encode(r, z);	224	rv = ap_run_session_encode(r, z);
212	if (OK != rv) {	225	if (OK != rv) {
Lines 551-556 Link Here
551	new->env_set = add->env_set \|\| base->env_set;	564	new->env_set = add->env_set \|\| base->env_set;
552	new->includes = apr_array_append(p, base->includes, add->includes);	565	new->includes = apr_array_append(p, base->includes, add->includes);
553	new->excludes = apr_array_append(p, base->excludes, add->excludes);	566	new->excludes = apr_array_append(p, base->excludes, add->excludes);
		567	new->expiry_update_time = (add->expiry_update_set == 0) ?
		568	base->expiry_update_time : add->expiry_update_time;
		569	new->expiry_update_set = add->expiry_update_set \|\| base->expiry_update_set;
554		570
555	return new;	571	return new;
556	}	572	}
Lines 620-626 Link Here
620	return NULL;	636	return NULL;
621	}	637	}
622		638
		639	static const char *
		640	set_session_expiry_update(cmd_parms * parms, void dconf, const char arg)
		641	{
		642	session_dir_conf *conf = dconf;
623		643
		644	conf->expiry_update_time = atol(arg);
		645	conf->expiry_update_set = 1;
		646
		647	return NULL;
		648	}
		649
		650
624	static const command_rec session_cmds[] =	651	static const command_rec session_cmds[] =
625	{	652	{
626	AP_INIT_FLAG("Session", set_session_enable, NULL, RSRC_CONF\|OR_AUTHCFG,	653	AP_INIT_FLAG("Session", set_session_enable, NULL, RSRC_CONF\|OR_AUTHCFG,
Lines 635-640 Link Here
635	"URL prefixes to include in the session. Defaults to all URLs"),	662	"URL prefixes to include in the session. Defaults to all URLs"),
636	AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF\|OR_AUTHCFG,	663	AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF\|OR_AUTHCFG,
637	"URL prefixes to exclude from the session. Defaults to no URLs"),	664	"URL prefixes to exclude from the session. Defaults to no URLs"),
		665	AP_INIT_TAKE1("SessionExpiryUpdateInterval", set_session_expiry_update, NULL, RSRC_CONF\|OR_AUTHCFG,
		666	"length of time for which a session's expiry time may change without having to be rewritten. Zero to disable"),
638	{NULL}	667	{NULL}
639	};	668	};
640		669

Lines 60-68 Link Here

(-)modules/session/mod_session_cookie.c (-3 / +3 lines)
60	session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config,	60	session_cookie_dir_conf *conf = ap_get_module_config(r->per_dir_config,
61	&session_cookie_module);	61	&session_cookie_module);
62		62
63	/* don't cache auth protected pages */
64	apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
65
66	/* create RFC2109 compliant cookie */	63	/* create RFC2109 compliant cookie */
67	if (conf->name_set) {	64	if (conf->name_set) {
68	if (z->encoded && z->encoded[0]) {	65	if (z->encoded && z->encoded[0]) {
Lines 162-167 Link Here
162	/* put the session in the notes so we don't have to parse it again */	159	/* put the session in the notes so we don't have to parse it again */
163	apr_table_setn(m->notes, note, (char *)zz);	160	apr_table_setn(m->notes, note, (char *)zz);
164		161
		162	/* don't cache auth protected pages */
		163	apr_table_addn(r->headers_out, "Cache-Control", "no-cache");
		164
165	return OK;	165	return OK;
166		166
167	}	167	}

Lines 78-83 Link Here

(-)docs/manual/mod/mod_session.html.en (+35 lines)
78	<li><img alt="" src="../images/down.gif" /> <a href="#session">Session</a></li>	78	<li><img alt="" src="../images/down.gif" /> <a href="#session">Session</a></li>
79	<li><img alt="" src="../images/down.gif" /> <a href="#sessionenv">SessionEnv</a></li>	79	<li><img alt="" src="../images/down.gif" /> <a href="#sessionenv">SessionEnv</a></li>
80	<li><img alt="" src="../images/down.gif" /> <a href="#sessionexclude">SessionExclude</a></li>	80	<li><img alt="" src="../images/down.gif" /> <a href="#sessionexclude">SessionExclude</a></li>
		81	<li><img alt="" src="../images/down.gif" /> <a href="#sessionexpiryupdateinterval">SessionExpiryUpdateInterval</a></li>
81	<li><img alt="" src="../images/down.gif" /> <a href="#sessionheader">SessionHeader</a></li>	82	<li><img alt="" src="../images/down.gif" /> <a href="#sessionheader">SessionHeader</a></li>
82	<li><img alt="" src="../images/down.gif" /> <a href="#sessioninclude">SessionInclude</a></li>	83	<li><img alt="" src="../images/down.gif" /> <a href="#sessioninclude">SessionInclude</a></li>
83	<li><img alt="" src="../images/down.gif" /> <a href="#sessionmaxage">SessionMaxAge</a></li>	84	<li><img alt="" src="../images/down.gif" /> <a href="#sessionmaxage">SessionMaxAge</a></li>
Lines 411-416 Link Here
411		412
412	</div>	413	</div>
413	<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>	414	<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
		415	<div class="directive-section"><h2><a name="SessionExpiryUpdateInterval" id="SessionExpiryUpdateInterval">SessionExpiryUpdateInterval</a> <a name="sessionexpiryupdateinterval" id="sessionexpiryupdateinterval">Directive</a></h2>
		416	<table class="directive">
		417	<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define the number of seconds a session's expiry may change without
		418	being written</td></tr>
		419	<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionExpiryUpdateInterval <var>interval</var></code></td></tr>
		420	<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SessionExpiryUpdateInterval 0</code></td></tr>
		421	<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
		422	<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
		423	<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session</td></tr>
		424	</table>
		425	<p>The <code class="directive">SessionExpiryUpdateInterval</code> directive allows
		426	sessions to avoid the cost associated with writing the session each request
		427	when only the expiry time has changed. This can be used to make a website
		428	more efficient or reduce load on a database when using
		429	<code class="module"><a href="../mod/mod_session_dbd.html">mod_session_dbd</a></code>. The session is always written if the data
		430	stored in the session has changed or the expiry has changed by more than the
		431	configured interval.</p>
		432
		433	<p>Setting the interval to zero disables this directive, and the session
		434	expiry is refreshed each request.</p>
		435
		436	<p>This directive only has an effect when combined with
		437	<code class="directive"><a href="#sessionmaxage">SessionMaxAge</a></code> to enable session
		438	expiry. Sessions without an expiry are only written when the data stored in
		439	the session has changed.</p>
		440
		441	<div class="warning"><h3>Warning</h3>
		442	<p>Because the session expiry may not be refreshed with each request, it's
		443	possible for sessions to expire up to <var>interval</var> seconds early.
		444	Using a small interval usually provides sufficient savings while having a
		445	minimal effect on expiry resolution.</p></div>
		446
		447	</div>
		448	<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
414	<div class="directive-section"><h2><a name="SessionHeader" id="SessionHeader">SessionHeader</a> <a name="sessionheader" id="sessionheader">Directive</a></h2>	449	<div class="directive-section"><h2><a name="SessionHeader" id="SessionHeader">SessionHeader</a> <a name="sessionheader" id="sessionheader">Directive</a></h2>
415	<table class="directive">	450	<table class="directive">
416	<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Import session updates from a given HTTP response header</td></tr>	451	<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Import session updates from a given HTTP response header</td></tr>