[squid-users] help to disconnect users after determinated time. TTL

Amos Jeffries squid3 at treenet.co.nz
Fri Aug 16 13:28:02 UTC 2019

On 16/08/19 3:30 am, jmperrote wrote:
> Hello Emmanuel, we finish implementing a solution on PHP script, getting
> the TTL time < 0 on the cachemgr, and it work.
> The problem is that the param --> auth_param basic credentialsttl 3
> minutes, give this time (180 seconds), but if the user still navigating
> on the site, this value
> "Check TTL" is not renewing when the user is navigating, so if the user not aplly any click on the page just when the counter "Check TTL" is 0, the user counter go to < 0.
> It is posible introduce any param that tell to squid to renew the counter when a user is betwen the credentialsttl time and still navigating ?

credentiaslttl does not mean what you seem to think it does.

It is just an optimization to reduce the amount of lookups to the
helper. How often they are *checked*.

In your other thread you showed this report:

> 	Type            State     Check TTL Cache TTL Username
> 	--------------- --------- --------- ---------
> 	AUTH_BASIC      Ok        58        3598      prueba

Think of credentialsTTL ("Check TTL") hitting 0 as the start of that
"grace period". The cache garbage collection (Cache TTL) defines the end
- when the credentials are completely forgotten by Squid.

As you can see there is already a "grace period" of 3540 seconds on
these credentials.

As Emmanuel said you can fake a sort-of logout by having a custom helper
pretend the credentials have expired suddenly. But that is something
your helper does, not this TTL.

Keep in mind that while Squid is awaiting your helper response all new
HTTP requests using those credentials will be queued up waiting for its
response. When the helper responds its answer will be applied to all
those queued and all future requests until the next credentialsttl
period ends.


More information about the squid-users mailing list