On 3/02/2014 10:00 p.m., P K wrote:
> Hi,
>
> I've got a mysterious problem with Squid as reverse proxy and I would
> be grateful if someone could help me out. Basically, I use an external
> acl to validate the session id when someone accesses my site that is
> reverse proxied.
>
> ..snip..
>
> external_acl_type ext_session_page ttl=180 negative_ttl=0 %SRC
> %>{Cookie:;MYSESSIONID} /usr/bin/php /path/to/myvalidator.php
> acl user_session external ext_session_page
> http_access deny !user_session
> deny_info https://logon.domain.com/logon.php?url=%u user_session
>
> ..snip..
>
> My logon page logon.php creates a new session id and stores a cookie.
> When a user has successfully logged on, I redirect to his chosen site.
> Squid then validates the cookie using my external acl (OK or ERR).
> This works fine 99.5% of the time.
>
> But sometimes squid gets confused and sends the older session id (one
> before the current session id in deny_page) to my external acl which
> is really weird. As a result, the external acl keeps returning ERR.
> Then it sorts itself out. Or a restart squid sorts it out. What could
> be causing this? Is this a bug with squid? I've also noticed that it
> seems to happen at night around 9 PM ish.
>
> The logic is simple:
>
> 1. User visits the reverse proxied site (config not shown).
> 2. Squid checks the external acl to see if the cookie is valid.
> 3. If OK it lets it go to the site.
> 4. If ERR, logon.php is presented which creates a new session id and
> stores a cookie.
> 5. User logs on
> 6. If successful, logon.php redirects to the reverse proxied site. (At
> this point, external acl will be checked i.e. step 2. External acl
> will reply OK as the cookie is valid.)
> 7. If failed, logon.php does not redirect i.e. stays on deny_page.
>

What is the output of squid -v please? How are you fooling the browser into sending the same Cookie for all requests no matter what domain is being fetched?

Squid sends the ACL helper the Cookie header sub-string starting with "MYSESSIONID=" in the request it receives. I suspect the browser is sending stale Cookies.

Amos
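
As an added illustration (not code from either poster, and written in Python rather than the PHP of myvalidator.php), here is a minimal external ACL helper for the quoted `external_acl_type` line that logs a hash of each session id Squid hands it, so a stale cookie arriving from the browser can be told apart from a fault in the helper. The session store, its sample ids and the function names are assumptions.

```python
"""Squid external ACL helper sketch: validate a session id and log what Squid sent."""
import hashlib
import sys
import time
from urllib.parse import unquote

COOKIE_NAME = "MYSESSIONID"  # cookie name from the external_acl_type line
# Constructed sample store (session id -> expiry, epoch seconds). Assumption:
# the real helper would query the store that logon.php writes to.
SESSIONS = {"c0ffee1234": time.time() + 3600, "0ldsession": time.time() - 60}


def fingerprint(session_id):
    # Short hash so logs can be correlated without recording the session id.
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


def parse_request(line):
    """Split one helper line ('%SRC <cookie token>') into (src, session id or None)."""
    fields = line.split()
    if len(fields) != 2:
        return None, None
    src, token = fields[0], unquote(fields[1])  # default helper input is URL-escaped
    if token.startswith(COOKIE_NAME + "="):     # tolerate 'NAME=value' or bare value
        token = token[len(COOKIE_NAME) + 1:]
    if token in ("", "-"):                      # '-' stands for a missing value
        return src, None
    return src, token


def decide(line, sessions=SESSIONS, now=None, log=sys.stderr):
    """Return 'OK' or 'ERR' for one request line and log the reason."""
    now = time.time() if now is None else now
    src, sid = parse_request(line)
    if sid is None:
        reason = "no-cookie"
    elif sid not in sessions:
        reason = "unknown-session"
    elif sessions[sid] <= now:
        reason = "expired-session"
    else:
        reason = "valid"
    tag = fingerprint(sid) if sid else "-"
    print(f"{int(now)} src={src} sid_sha256={tag} result={reason}", file=log)
    return "OK" if reason == "valid" else "ERR"


if __name__ == "__main__":
    for request in sys.stdin:  # one request per line, one reply per line
        print(decide(request), flush=True)
```

Comparing the logged `sid_sha256` values against the hash of the id logon.php last issued to that client shows whether the ERR replies are for an old session id, which is what a browser replaying a stale cookie would produce.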