OK, so almost a month ago, Cliff Woolley, Sander Holthaus, John K. Sterling, and Jeff Trawick all encouraged me to change the mod_usertrack patch I submitted so that instead of relying on a regexp to correctly find the cookie in the cookie header (why the current mod_usertrack sometimes fails to do this is detailed at http://manniwood.net/mod_usertrack_patch.html), the patch would rely on a small state machine to do the same.
The small state machine would crawl down the cookie header, character by character, only once (or less, if the cookie is actually found in the middle of the cookie header and the search ends), which should be a speed improvement, yet hold onto the accuracy of my original patch. Please find attached my latest patch for the 2.0.44 version of mod_usertrack, as well as ch6.c, a program I wrote to test my state machine for accuracy and robustness. Some comments: 1. I looked into the cookie RFC, which refers to the HTTP RFC on what the definition of a quoted value is. Interestingly, a quoted value is not allowed to contain quotes, not even escaped quotes. Can someone correct me on my assumption if I am wrong? More interestingly, I see no reason why an unquoted value cannot contain unescaped quotes --- it's just not allowed to contain spaces. 2. A valid cookie in the header does not need a value. Hence, you can have, in the cookie header, a cookie name, followed by a semi-colon, instead of the equal sign and value and *then* the semi-colon you would expect. 3. A valid cookie header can separate its cookie/value pairs with commas as well as semi-colons, and can have space before and after the semi-colons or commas. 4. A valid cookie/value pair can have space before and after the equal sign. 5. My state machine, based on my extensive testing, gracefully handles all the above assumptions, and also gracefully aborts searching malformed cookie headers. The resulting state machine is not as simple as I had hoped! 6. I have not had the time to load-test my state-machine fix versus my regexp fix. (The box I was using for load testing just got WinXP installed, and Jmeter is crapping out now. I'll have to find another box to load-test Apache. When I do, I'll get you the results.) 7. I also have not done a 1.3.x version of the patch, though it should be trivial for me to do, and I want to as soon as I get the time and some feedback from you guys. I mostly would like feedback from the four of you on the code I've done so far to see if you are confident the code is accurate and robust, and that I've generally headed in the right direction with it. Looking forward to your comments, -Manni -----Original Message----- From: Cliff Woolley [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 6:00 PM To: [EMAIL PROTECTED] Subject: RE: mod_usertrack bugfix patch On Tue, 25 Feb 2003, Manni Wood wrote: > Kind of funny. While reading all these helpful e-mails, I was telling > myself "so really, what I need to do is build some sort of state > machine..." and there the phrase was in your latest e-mail. OK, so > with everybody's help, I think I have everything I need (most > especially the outline for an improved algorithm) to deliver improved > accuracy *and* performance finding the cookie in mod_usertrack. I > guess it's time to get hacking. Sweet! I look forward to the next rev. :) --Cliff
mod_usertrack_2.0.patch
Description: mod_usertrack_2.0.patch
ch6.c
Description: ch6.c
