I've had this deployed for some time now and it works just fine. Did this just fall asleep or is further explanation desired ?
On Fri, Dec 13, 2013 at 9:10 AM, Thomas Eckert <thomas.r.w.eck...@gmail.com>wrote: > Must have made some mistake when testing it yesterday because it works > like a charm. Suggesting this patch (against trunk) > > diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c > index 89c8074..476e021 100644 > --- a/modules/session/mod_session.c > +++ b/modules/session/mod_session.c > @@ -126,22 +126,28 @@ static apr_status_t ap_session_load(request_rec * r, > session_rec ** z) > > /* found a session that hasn't expired? */ > now = apr_time_now(); > - if (!zz || (zz->expiry && zz->expiry < now)) { > + if (zz) { > + if (zz->expiry && zz->expiry < now) { > + zz = NULL; > + } > + else { > + /* having a session we cannot decode is just as good as having > + none at all */ > + rv = ap_run_session_decode(r, zz); > + if (OK != rv) { > + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817) > + "error while decoding the session, " > + "session not loaded: %s", r->uri); > + zz = NULL; > + } > + } > + } > > > - /* no luck, create a blank session */ > + /* no luck, create a blank session */ > + if (!zz) { > > zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec)); > zz->pool = r->pool; > zz->entries = apr_table_make(zz->pool, 10); > - > - } > - else { > - rv = ap_run_session_decode(r, zz); > - if (OK != rv) { > - ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817) > - "error while decoding the session, " > - "session not loaded: %s", r->uri); > - return rv; > - } > } > > /* make sure the expiry and maxage are set, if present */ > > > On Thu, Dec 12, 2013 at 10:11 PM, Tom Evans <tevans...@googlemail.com>wrote: > >> On Thu, Dec 12, 2013 at 7:30 PM, Graham Leggett <minf...@sharp.fm> wrote: >> > On 12 Dec 2013, at 16:57, Thomas Eckert <thomas.r.w.eck...@gmail.com> >> wrote: >> > >> >> The patch does not help but I think it got me on the right track >> though I'm a bit confused about the 'dirty' flag. Where is that flag >> supposed to be used ? In both trunk and 2.4.7 I only found one place >> (./modules/session/mod_session.c:200) where that flag is used but none that >> remotely looked like triggering a session/cookie replacing. >> >> >> >> I assume the real problem lies in mod_session's ap_session_load(). >> There the comment says "If the session doesn't exist, a blank one will be >> created." but that's simply not true if the session decryption failed. >> > >> > Can you clarify what you mean by "session decryption failed"? >> > >> >> When the request has a session cookie present, but the contents are >> corrupted or in any way incorrect, then decoding the cookie fails. >> When this occurs, no new session is created. >> Since no new session is created, no new cookie is set. >> >> (I think!) >> >> Cheers >> >> Tom >> > >