Re: httpd session timeout

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> I am testing it by logging into the website using basic authentication [...]

Session you are observing is browser-based, not server-based. Your browser repeats once learned credentials in every request until it's restarted (may depend on the browser of course). And server verifies credentials of every request, there's no session or timeout for HTTP authentication.
--

With Best Regards,
Marat Khalili

On August 24, 2016 4:53:28 PM GMT+03:00, Roger Paanini <rogerpaanini@xxxxxxxxx> wrote:
Chris, I am testing it by logging into the website using basic authentication and then waiting for the time out duration and try to access the page again. I am expecting to be challenged for credentials again when I tried to access the page after the timeout. But I am never challenged after the timeout - ever after several hours beyond the timeout value.

But I see the following messages in my log file... I suspect my session modules are not configured correctly?

[Wed Aug 24 08:41:46.851228 2016] [session:warn] [pid 61410:tid 140098663421696] [client x.x.x.x:5675] AH01815: session is enabled but no session modules have been configured, session not loaded: 

I have the following in my httpd.conf: 

LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
***
<Location />
        Session on
        SessionMaxAge 1
        AuthType Basic
        AuthLDAPBindDN "xxxxx"
        AuthLDAPBindPassword "xxxx"
        AuthBasicProvider ldap
        AuthName "LDAP - login"
        AuthLDAPURL "xxxxx"
        Require valid-user
        Require ldap-group "xxxx"
        AuthLDAPRemoteUserAttribute uid
</Location>

Any thoughts on what I am missing?

Thanks!



On Tue, Aug 23, 2016 at 3:29 PM, Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Roger,

On 8/23/16 4:26 PM, Roger Paanini wrote:
> Folks, I have tried to configure httpd with session timeout but it
> does not seem to work. My httpd.conf has the following:
>
> Session on SessionMaxAge 1 AuthType Basic ***
>
> I was trying to put a timeout value of 1 sec just to test. This is
> not working. Am I missing something?
>
> Thanks for any pointers on this.

How are you testing it? What did you expect? What happened if it
wasn't what you expected?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXvLIwAAoJEBzwKT+lPKRYWnAP/Ax2yBWc8laAbRC3jKTA7TlI
3Y5kfIrJi8tiNfzga/PXUWR82b6KmjMbXD5VKlD98YFFJhOjlMF8JSqV1MQIX1Lu
v9mfjkasfwhapPGtlksecNzJEA2KtSS+sLZfg5m1gPmv9R8sH5A6aFICmwVs87b8
DcZK/e/4STGvzGs6hGwQGaSgDDT3H4UFZqrLPCHx/jK85wNDkIZ+rHodzsLXjD9Y
/St2ER0bCWr090v0s/sKqKP28g7WrXBCiqh/MpCnIJ70B798GEmGI3sXnepFKSWV
1IzsK8J8KAufGY24XCgRMXad1TshaftnPiTIGmZ6pPesyq8sc4Rr8FN/Mo7xvR3Z
eSZYCJd639Ir76MHikCjVhgRzWphh82PN+9wf9hA7snk0yt+uFEsrcxTlURdErbB
0XWW7lKSor7R+OksK9HmL3izhEyNymXiOryRy5wBa2emlCajCoczy8XYy9CffkNq
OM81k343CdbdjLO5Z7AUdTIbnZjx5zGS9r6nVcf5uyg5j70ZuOyE1P6zft94KR4S
b6R2UMWUJ9aku7tzwP1cSox3DRSnhAI6VPXuwYiJYAZo6+kSTLCs0gW3Jb1q5nWj
1IF2lsGvZIqH0yqxZ49rgvYSnkCdp+pp3ZVFHfDED9LBD4B90tRzlQFI4QF0w5YV
TLNlGhmIB+eqb5dW9LnK
=9Yn+
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux