Bug 53029 - Segmentation fault when no cookie is present
Summary: Segmentation fault when no cookie is present
Status: RESOLVED DUPLICATE of bug 53452
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_session_dbd (show other bugs)
Version: 2.4.1
Hardware: Macintosh All
: P2 major (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-03 16:32 UTC by Chris
Modified: 2012-07-26 03:07 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Chris 2012-04-03 16:32:00 UTC
I am trying to use mod_session_dbd to store our session information (from mod_auth_form) in our DB. We had previously been using mod_session_cookie which was working just fine. Once we switched to mod_session_dbd we started getting segfaults while running httpd (with no error message) whenever we rebooted our machines.

After some trial and error it turns out that the segfault occurs because there is no cookie for the site using mod_session_dbd present in the browser. You can recreate the problem very easily by enabling mod_session_dbd and deleting any cookies for your site from your browser then trying to load a page. To "fix" the problem you can enable mod_session_cookie, go to the site (which generates a cookie), shutdown httpd, re-enable mod_session_dbd and go to the site. This time it will work and you can see the cookie be renamed and changed based on mod_session_dbd. But if you delete that cookie and restart httpd the segfaults will return.

Another weird item is the first time you load the page after enabling mod_session_dbd (with a cookie present from mod_session_cookie) the guid saves in the cookie and DB is all zeros. The next time you load the page it gets a random guid.

mod_session_dbd config:

DBDPrepareSQL "DELETE FROM apache_session WHERE id = %s" deletesession
DBDPrepareSQL "UPDATE apache_session SET value = %s, expiry = %lld WHERE id = %s" updatesession
DBDPrepareSQL "INSERT INTO apache_session (value, expiry, id) VALUES (%s, %lld, %s)" insertsession
DBDPrepareSQL "SELECT value FROM apache_session WHERE id = %s AND (expiry = 0 OR expiry > %lld)" selectsession
DBDPrepareSQL "DELETE FROM apache_session WHERE expiry != 0 AND expiry < %lld" cleansession

LoadModule session_module modules/mod_session.so
LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule session_crypto_module modules/mod_session_crypto.so

Session On
SessionCryptoPassphrase secret
#SessionCookieName session path=/
SessionDBDCookieName session path=/
Comment 1 Chris 2012-07-26 03:07:46 UTC
53452 is more accurate of an assessment.

*** This bug has been marked as a duplicate of bug 53452 ***