Re: Adding a reset option to the session helper

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 01 Oct 2011 15:51:58 +1300

 On Fri, 30 Sep 2011 20:07:29 +0100, Andrew Beverley wrote:
> On Thu, 2011-09-29 at 13:49 +0200, Henrik Nordström wrote:
>> tis 2011-09-27 klockan 07:32 +0100 skrev Andrew Beverley:
>>
>> > I'd like to find a way around this. The best way that I can think
>> of is
>> > to add an option to the session helper, to specify a URL that must
>> be
>> > present for the timeout to reset. This URL would then be contained
>> in
>> > the "continue" button on the splash page.
>>
>> See the active mode which is intended for this kind of explicit
>> session
>> start.
>
> Thanks Henrik. That looks spot on.
>
>>
>> The URL match is done using Squid acls.
>>
>
> Could you point me in the direction of how to do this please? Looking
> at
> the documentation for the external_acl_type it states that "any
> string
> specified in the referencing acl will also be included in the helper
> request line". Is that the way to achieve it? Something like this?
>
> external_acl_type session concurrency=100 ttl=3 %SRC
> /usr/lib/squid3/ext_session_acl -a -T 10800 -b
> /var/lib/squid/session.db
> acl existing_users external session
> acl aclname urlpath_regex -i a_url_that_must_be_clicked LOGIN
> deny_info http://nelsonwr.wardroom/announce.php?url=%s existing_users
> http_access deny !existing_users expiry
>
> (Sorry, I would just try it out myself, but I don't have a squid
> instance to hand, and I want to get this up and running as soon as I
> get
> back!)

 Something like this...

   acl sessionLOGIN external session LOGIN
   acl sessionLOGOUT external session LOGOUT
   acl sessionIsActive external session

 When the LOGIN/LOGOUT ACLs are tested they perform their action on the
 session state. The ACLs leading up to them have to be crafted to avoid
 testing them at all unless you want LOGIN/LOGOUT to happen on that
 request....

   acl clickedLoginURL urlpath_regex -i a_url_that_must_be_clicked

   http_access allow clickedLoginURL sessionLOGIN
   # http_access deny logout_conditions ... sessionLOGOUT
   http_access deny !sessionIsActive
   http_access allow ...

   deny_info http://nelsonwr.wardroom/announce.php?url=%s
 sessionIsActive

 Amos
Received on Sat Oct 01 2011 - 02:52:08 MDT

This archive was generated by hypermail 2.2.0 : Sat Oct 01 2011 - 12:00:04 MDT