Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Anyone got mod_session_dbd working?? |
|
| Author |
|
alexqian
Joined: 07 Jan 2016
Posts: 7
Location: U.S.A
|
 Posted: Thu 07 Jan '16 19:16 Post subject: Anyone got mod_session_dbd working?? |
 |
|
I am upgrading apache mod_auth_form from 2.0.5 to 2.4. having trouble configuring mod_session_dbd. Need HELP!!
My configuration for httpd.conf - that fails to redirect to the protected main/main.php page even after the user is authenticated by login.php, its session id stored in a DB table (web_sessions) as well as set in the cookie ("sid"):
| Code: |
DBDriver mysql
DBDParams "host=127.0.0.1 dbname=aware_db user=apache pass=dNugyptWxVjeXxafdsuqqhPh9j77wo"
DBDMin 4
DBDKeep 8
DBDMax 20
DBDExptime 300
DBDPrepareSQL "select sid from web_sessions where uid = %s and (timeout_date < NOW() OR expiration_date < NOW())" selectsession
<Directory "/var/www/html">
Options -Indexes +FollowSymLinks
</Directory>
<Directory "/var/www/html/main">
Options -Indexes +FollowSymLinks
SSLRequireSSL
SetHandler form-login-handler
AuthFormLoginRequiredLocation /login.php
AuthFormLoginSuccessLocation /main/main.php
AuthFormProvider dbd
AuthType form
AuthName "WNG 9900"
ErrorDocument 401 /login.php
Session On
SessionDBDPerUser On
SessionDBDCookieName sid path=/;secure;version=1;
SessionDBDSelectLabel selectsession
SessionDBDCookieRemove Off
Require valid-user
ExpiresActive On
ExpiresByType application/x-java-jnlp-file "now"
</Directory>
|
We write our custom login.php script that is invoked when client first accesses the main page. The script shows a login HTML form, then takes user input (uid and password) to authenticate against SQL user DB as well as LDAP user accounts. Once the uid/password is authenticated, it stores a session id (sid) for the user in web_sessions DB table and set the "sid" in the cookie, then resend the HTTP request again for main page (this time with cookie already set ("uid" and "sid"). I expect that mod_session_dbd is going to match the "sid" in the cookie with the "sid" in the web_sessions DB table (via the selectsession DBDPrepareSQL) and see the user is already autenticated, and let it go to main page, instead of login.php again as if it were not authenticated (which is what happens with my configuration above).
The apache documentation for mod_session_dbd is minimal and incomplete, and I have not been able to find any working example of mod_session_dbd anywhere on the web that I can use for reference. Don'e even know how to debug mod_session_dbd... Struggling with this for 3 days now, any help/suggestion would be much appreciated!!
[/code] |
|
| Back to top |
|
|
|
|
|
|
