Hi,
I've got a mysterious problem with Squid as reverse proxy and I would
be grateful if someone could help me out. Basically, I use an external
acl to validate the session id when someone accesses my site that is
reverse proxied.
..snip..
external_acl_type ext_session_page ttl=180 negative_ttl=0 %SRC
%>{Cookie:;MYSESSIONID} /usr/bin/php /path/to/myvalidator.php
acl user_session external ext_session_page
http_access deny !user_session
deny_info https://logon.domain.com/logon.php?url=%u user_session
..snip..
My logon page logon.php creates a new session id and stores a cookie.
When a user has successfully logged on, I redirect to his chosen site.
Squid then validates the cookie using my external acl (OK or ERR).
This works fine 99.5% of the time.
But sometimes squid gets confused and sends the older session id (one
before the current session id in deny_page) to my external acl which
is really weird. As a result, the external acl keeps returning ERR.
Then it sorts itself out. Or a restart squid sorts it out. What could
be causing this? Is this a bug with squid? I've also noticed that it
seems to happen at night around 9 PM ish.
The logic is simple:
1. User visits the reverse proxied site (config not shown).
2. Squid checks the external acl to see if the cookie is valid.
3. If OK it lets it go to the site.
4. If ERR, logon.php is presented which creates a new session id and
stores a cookie.
5. User logs on
6. If successful, logon.php redirects to the reverse proxied site. (At
this point, external acl will be checked i.e. step 2. External acl
will reply OK as the cookie is valid.)
7. If failed, logon.php does not redirect i.e. stays on deny_page.
Thanks
