On 03/01/2020 11:39 PM, [email protected] wrote:
> Author: covener
> Date: Sun Mar  1 22:39:11 2020
> New Revision: 1874673
> 
> URL: http://svn.apache.org/viewvc?rev=1874673&view=rev
> Log:
> PR56052: resolve problems with expired sessions
> 
> session_load providers cache the session_rec pointer, so hollow
> them out and reuse them instead of replacing them.
> 
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/session/mod_session.c
> 
> Modified: httpd/httpd/trunk/CHANGES
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874673&r1=1874672&r2=1874673&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Sun Mar  1 22:39:11 2020
> @@ -1,6 +1,9 @@
>                                                           -*- coding: utf-8 
> -*-
>  Changes with Apache 2.5.1
>  
> +  *) mod_session: Fix an issue that blocked new sessions being created after
> +     session expiration or other session errors. PR56052 [Eric Covener]
> +
>    *) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
>       PR64140. [Renier Velazco <renier.velazco upr.edu>]
>  
> 
> Modified: httpd/httpd/trunk/modules/session/mod_session.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session.c?rev=1874673&r1=1874672&r2=1874673&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/session/mod_session.c (original)
> +++ httpd/httpd/trunk/modules/session/mod_session.c Sun Mar  1 22:39:11 2020
> @@ -137,23 +137,22 @@ static apr_status_t ap_session_load(requ
>              ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
>                      "error while decoding the session, "
>                      "session not loaded: %s", r->uri);
> -            zz = NULL;
> +            /* preserve pointers to zz in load/save providers */
> +            memset(zz, 0, sizeof(session_rec));
> +            zz->pool = r->pool;
> +            zz->entries = apr_table_make(zz->pool, 10);
>          }
>  
>         /* invalidate session if session is expired */
>          if (zz && zz->expiry && zz->expiry < now) {
>              ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "session is 
> expired");
> -            zz = NULL;
> +            /* preserve pointers to zz in load/save providers */
> +            memset(zz, 0, sizeof(session_rec));
> +            zz->pool = r->pool;
> +            zz->entries = apr_table_make(zz->pool, 10);
>          }
>      }
>  
> -    /* no luck, create a blank session */
> -    if (!zz) {
> -        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
> -        zz->pool = r->pool;
> -        zz->entries = apr_table_make(zz->pool, 10);
> -    }
> -

Why don't we need this any longer? Is there a a guarantee that zz != NULL here?

Regards

RĂ¼diger

Reply via email to