X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=webcit%2Fcontext_loop.c;h=f9238ab6aee14d3e97669d76932371eacdc9bc42;hb=6656aef08918a552b006f996ed0032041aac38bc;hp=225233ff2e7244b946644e46de925719daab540a;hpb=77d93a35c3508e8f06d3327a742fd5471849a1b2;p=citadel.git

diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index 225233ff2..f9238ab6a 100644
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -188,6 +188,14 @@ wcsession *FindSession(wcsession **wclist, ParsedHttpHdrs *Hdr, pthread_mutex_t
 			}
 			break;			     
 		case NO_AUTH:
+			/* Any unbound session is a candidate */
+			if (sptr->wc_session == 0) {
+				/* FIXME -- look for a session that is not only a candidate, but is
+				 * also NOT CURRENTLY LOCKED.  This will cause the proper size pool
+				 * to be created.
+				 */
+				TheSession = sptr;
+			}
 			break;
 		}
 	}
@@ -477,6 +485,7 @@ void context_loop(ParsedHttpHdrs *Hdr)
 	wcsession *TheSession;
 	struct timeval tx_start;
 	struct timeval tx_finish;
+	int session_may_be_reused = 1;
 	
 	gettimeofday(&tx_start, NULL);		/* start a stopwatch for performance timing */
 
@@ -535,6 +544,10 @@ void context_loop(ParsedHttpHdrs *Hdr)
 		CheckAuthBasic(Hdr);
 	}
 
+	if (Hdr->HR.got_auth) {
+		session_may_be_reused = 0;
+	}
+
 	/*
 	 * See if there's an existing session open with the desired ID or user/pass
 	 */
@@ -593,6 +606,16 @@ void context_loop(ParsedHttpHdrs *Hdr)
 
 	session_detach_modules(TheSession);
 
+	/* If *this* very transaction did not explicitly specify a session cookie,
+	 * and it did not log in, we want to flag the session as a candidate for
+	 * re-use by the next unbound client that comes along.  This keeps our session
+	 * table from getting bombarded with new sessions when, for example, a web
+	 * spider crawls the site without using cookies.
+	 */
+	if ((session_may_be_reused) && (!WC->logged_in)) {
+		WC->wc_session = 0;
+	}
+
 	TheSession->Hdr = NULL;
 	CtdlLogResult(pthread_mutex_unlock(&TheSession->SessionMutex));
 }