On 03/01/2020 11:39 PM, [email protected] wrote:
> Author: covener
> Date: Sun Mar 1 22:39:11 2020
> New Revision: 1874673
>
> URL: http://svn.apache.org/viewvc?rev=1874673&view=rev
> Log:
> PR56052: resolve problems with expired sessions
>
> session_load providers cache the session_rec pointer, so hollow
> them out and reuse them instead of replacing them.
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/modules/session/mod_session.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874673&r1=1874672&r2=1874673&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Sun Mar 1 22:39:11 2020
> @@ -1,6 +1,9 @@
> -*- coding: utf-8
> -*-
> Changes with Apache 2.5.1
>
> + *) mod_session: Fix an issue that blocked new sessions being created after
> + session expiration or other session errors. PR56052 [Eric Covener]
> +
> *) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
> PR64140. [Renier Velazco <renier.velazco upr.edu>]
>
>
> Modified: httpd/httpd/trunk/modules/session/mod_session.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session.c?rev=1874673&r1=1874672&r2=1874673&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/session/mod_session.c (original)
> +++ httpd/httpd/trunk/modules/session/mod_session.c Sun Mar 1 22:39:11 2020
> @@ -137,23 +137,22 @@ static apr_status_t ap_session_load(requ
> ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
> "error while decoding the session, "
> "session not loaded: %s", r->uri);
> - zz = NULL;
> + /* preserve pointers to zz in load/save providers */
> + memset(zz, 0, sizeof(session_rec));
> + zz->pool = r->pool;
> + zz->entries = apr_table_make(zz->pool, 10);
> }
>
> /* invalidate session if session is expired */
> if (zz && zz->expiry && zz->expiry < now) {
> ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "session is
> expired");
> - zz = NULL;
> + /* preserve pointers to zz in load/save providers */
> + memset(zz, 0, sizeof(session_rec));
> + zz->pool = r->pool;
> + zz->entries = apr_table_make(zz->pool, 10);
> }
> }
>
> - /* no luck, create a blank session */
> - if (!zz) {
> - zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
> - zz->pool = r->pool;
> - zz->entries = apr_table_make(zz->pool, 10);
> - }
> -
Why don't we need this any longer? Is there a a guarantee that zz != NULL here?
Regards
RĂ¼diger