mod_session.c revision fc251eb7714d158c2952bc2ddbbcfb9169098212
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "mod_session.h"
#include "apr_lib.h"
#include "apr_strings.h"
#include "util_filter.h"
#include "http_log.h"
#include "http_request.h"
#include "http_protocol.h"
#define SESSION_EXPIRY "expiry"
#define HTTP_SESSION "HTTP_SESSION"
)
static int session_fixups(request_rec * r);
/**
* Should the session be included within this URL.
*
* This function tests whether a session is valid for this URL. It uses the
* include and exclude arrays to determine whether they should be included.
*/
{
int i;
included = 0;
const char *include = includes[i];
included = 1;
}
}
}
included = 0;
}
}
}
return included;
}
/**
* Load the session.
*
* If the session doesn't exist, a blank one will be created.
*
* @param r The request
* @param z A pointer to where the session will be written.
*/
{
int rv = 0;
/* is the session enabled? */
return APR_SUCCESS;
}
/* should the session be loaded at all? */
if (!session_included(r, dconf)) {
"excluded by configuration for: %s", r->uri);
return APR_SUCCESS;
}
/* load the session from the session hook */
"session is enabled but no session modules have been configured, "
"session not loaded: %s", r->uri);
return APR_EGENERAL;
}
"error while loading the session, "
"session not loaded: %s", r->uri);
return rv;
}
/* found a session that hasn't expired? */
now = apr_time_now();
/* no luck, create a blank session */
}
else {
"error while decoding the session, "
"session not loaded: %s", r->uri);
return rv;
}
}
/* make sure the expiry is set, if present */
}
*z = zz;
return APR_SUCCESS;
}
/**
* Save the session.
*
* In most implementations the session is only saved if the dirty flag is
* true. This prevents the session being saved unnecessarily.
*
* @param r The request
* @param z A pointer to where the session will be written.
*/
{
if (z) {
int rv = 0;
/* sanity checks, should we try save at all? */
if (z->written) {
"attempt made to save the session twice, "
"session not saved: %s", r->uri);
return APR_EGENERAL;
}
"attempt made to save a session when the session had already expired, "
"session not saved: %s", r->uri);
return APR_EGENERAL;
}
/* reset the expiry back to maxage, if the expiry is present */
}
/* encode the session */
rv = ap_run_session_encode(r, z);
"error while encoding the session, "
"session not saved: %s", r->uri);
return rv;
}
/* try the save */
rv = ap_run_session_save(r, z);
"session is enabled but no session modules have been configured, "
"session not saved: %s", r->uri);
return APR_EGENERAL;
}
"error while saving the session, "
"session not saved: %s", r->uri);
return rv;
}
else {
z->written = 1;
}
}
return APR_SUCCESS;
}
/**
* Get a particular value from the session.
* @param r The current request.
* @param z The current session. If this value is NULL, the session will be
* looked up in the request, created if necessary, and saved to the request
* notes.
* @param key The key to get.
* @param value The buffer to write the value to.
*/
{
if (!z) {
rv = ap_session_load(r, &z);
if (APR_SUCCESS != rv) {
return rv;
}
}
if (z && z->entries) {
}
return OK;
}
/**
* Set a particular value to the session.
*
* Using this method ensures that the dirty flag is set correctly, so that
* the session can be saved efficiently.
* @param r The current request.
* @param z The current session. If this value is NULL, the session will be
* looked up in the request, created if necessary, and saved to the request
* notes.
* @param key The key to set. The existing key value will be replaced.
* @param value The value to set.
*/
{
if (!z) {
rv = ap_session_load(r, &z);
if (APR_SUCCESS != rv) {
return rv;
}
}
if (z) {
if (value) {
}
else {
}
z->dirty = 1;
}
return APR_SUCCESS;
}
{
return 1;
}
{
if (length) {
*slider = '&';
slider++;
}
*slider = '=';
slider++;
return 1;
}
/**
* Default identity encoding for the session.
*
* By default, the name value pairs in the session are URLEncoded, separated
* by equals, and then in turn separated by ampersand, in the format of an
* html form.
*
* This was chosen to make it easy for external code to unpack a session,
* should there be a need to do so.
*
* @param r The request pointer.
* @param z A pointer to where the session will be written.
*/
{
int length = 0;
if (z->expiry) {
}
apr_table_do((int (*) (void *, const char *, const char *))
apr_table_do((int (*) (void *, const char *, const char *))
return OK;
}
/**
* Default identity decoding for the session.
*
* By default, the name value pairs in the session are URLEncoded, separated
* by equals, and then in turn separated by ampersand, in the format of an
* html form.
*
* This was chosen to make it easy for external code to unpack a session,
* should there be a need to do so.
*
* This function reverses that process, and populates the session table.
*
* Name / value pairs that are not encoded properly are ignored.
*
* @param r The request pointer.
* @param z A pointer to where the session will be written.
*/
{
const char *sep = "&";
/* sanity check - anything to decode? */
if (!z->encoded) {
return OK;
}
/* decode what we have */
const char *psep = "=";
}
}
else {
}
}
}
}
return OK;
}
/**
* Ensure any changes to the session are committed.
*
* This is done in an output filter so that our options for where to
* store the session can include storing the session within a cookie:
* As an HTTP header, the cookie must be set before the output is
* written, but after the handler is run.
*
* NOTE: It is possible for internal redirects to cause more than one
* request to be present, and each request might have a session
* defined. We need to go through each session in turn, and save each
* one.
*
* The same session might appear in more than one request. The first
* attempt to save the session will be called
*/
{
/* save all the sessions in all the requests */
request_rec *r = f->r->main;
if (!r) {
r = f->r;
}
while (r) {
session_rec *z = NULL;
/* load the session, or create one if necessary */
/* when unset or on error, z will be NULL */
ap_session_load(r, &z);
if (!z || z->written) {
r = r->next;
continue;
}
/* if a header was specified, insert the new values from the header */
if (conf->header_set) {
if (!override) {
}
if (override) {
session_identity_decode(r, z);
}
}
/* save away the session, and we're done */
/* when unset or on error, we've complained to the log */
ap_session_save(r, z);
r = r->next;
}
/* remove ourselves from the filter chain */
/* send the data up the stack */
}
/**
* Insert the output filter.
*/
static void session_insert_output_filter(request_rec * r)
{
}
/**
* Fixups hook.
*
* Load the session within a fixup - this ensures that the session is
* properly loaded prior to the handler being called.
*
* The fixup is also responsible for injecting the session into the CGI
* environment, should the admin have configured it so.
*
* @param r The request
*/
static int session_fixups(request_rec * r)
{
session_rec *z = NULL;
/* if an error occurs or no session has been configured, we ignore
* the broken session and allow it to be recreated from scratch on save
* if necessary.
*/
ap_session_load(r, &z);
session_identity_encode(r, z);
if (z->encoded) {
}
}
return OK;
}
{
return (void *) new;
}
{
return new;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
static const char *
{
return NULL;
}
{
*new = f;
return NULL;
}
{
*new = f;
return NULL;
}
static const command_rec session_cmds[] =
{
"on if a session should be maintained for these URLs"),
"length of time for which a session should be valid. Zero to disable"),
"output header, if present, whose contents will be injected into the session."),
"on if a session should be written to the CGI environment. Defaults to off"),
"URL prefixes to include in the session. Defaults to all URLs"),
"URL prefixes to exclude from the session. Defaults to no URLs"),
{NULL}
};
static void register_hooks(apr_pool_t * p)
{
}
{
create_session_dir_config, /* dir config creater */
merge_session_dir_config, /* dir merger --- default is to override */
NULL, /* server config */
NULL, /* merge server config */
session_cmds, /* command apr_table_t */
register_hooks /* register hooks */
};