[squid-users] Question about: ext_session_acl Splash/Portal solution.
Klaus Tachtler
klaus at tachtler.net
Sun Oct 15 18:17:33 UTC 2017
Hi Amos,
after a little bit more testing, of course I must agree with you, it
doesn't work as expected.
Please can you give me another advice? Where is my fault?
I tried to use the *ACTIVE* example from the squid documentation and
modified it a little bit on 3 parts of the code, BUT a LOOP are still
there!
https://wiki.squid-cache.org/ConfigExamples/Portal/Splash#Squid_Configuration_File_-_Active_Mode
--- code ---
# Set up the session helper in active mode. Mind the wrap - this is
one line: - *MODIFIED* - (all in one line)
external_acl_type session concurrency=100 ttl=3 negative_ttl=0
children-max=1 %LOGIN /usr/lib64/squid/ext_session_acl -a -T 60 -b
/var/lib/squid/sessions/
# Pass the LOGIN command to the session helper with this ACL
acl session_login external session LOGIN
# Normal session ACL as per simple example
acl session_is_active external session
# ACL to match URL - *MODIFIED* -
acl clicked_login_url url_regex -i http://my.pages.net/html/accept.php
# First check for the login URL. If present, login session
http_access allow clicked_login_url session_login
# If we get here, URL not present, so renew session or deny request.
http_access deny !session_is_active
# Deny page to display - *MODIFIED* - NOT using a template with HTML-Code 511!
deny_info http://my.pages.net/html/splash.php?url=%u session_is_active
--- code ---
If you want, I can share the code from the pages
- http://my.pages.net/html/accept.php
- http://my.pages.net/html/splash.php?url=%u
too?
The idea behind the two PHP pages are, to store the original URL with
the splash.php inside a PHP session and make a redirect inside the
accept.php to the original URL.
Thank you for your time and your patience with me!
Klaus.
> On 15/10/17 10:02, Klaus Tachtler wrote:
>> Hi Amos,
>>
>>> On 14/10/17 04:40, Klaus Tachtler wrote:>
>>>> Why I'm on a loop between splash page and accept page?
>>>
>>>
>>> You have two *separate* active (-a) session contexts going on
>>> simultaneously. They are both fighting over the session database.
>>
>> Oh my god, to delete "-a" on the "session_active_def" was the solution.
>> I was searching hours and hours for that!
>>
>> Thank you so much for the simple line you wrote to me!
>
> If that is the only change you made it is still not solved either,
> your sessions will never end.
>
> You need *one* session. You get to pick active or passive:
>
> * Active has specific ACLs for LOGIN/LOGOUT/test.
> - for when the clicked URL just *has* to be the specific one.
>
> * Passive has only one ACL for atomic test+login.
> - for when either click OR refresh OR any other page fetch is
> enough to continue.
> - every test of the ACL updates the session timestamp not to expire.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
----- Ende der Nachricht von Amos Jeffries <squid3 at treenet.co.nz> -----
--
------------------------------------------
e-Mail : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 3120 bytes
Desc: Öffentlicher PGP-Schlüssel
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171015/6f44c6b3/attachment.key>
More information about the squid-users
mailing list