From 6656aef08918a552b006f996ed0032041aac38bc Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Mon, 11 Jul 2011 14:46:40 -0400
Subject: [PATCH] Allow reuse of WebCit sessions currently resident in memory by unbinding unless the session is logged in or explicitly provided a session cookie. This prevents cookieless web spiders from flooding the session table.
---
 webcit/context_loop.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index 225233ff2..f9238ab6a 100644
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -188,6 +188,14 @@ wcsession *FindSession(wcsession **wclist, ParsedHttpHdrs *Hdr, pthread_mutex_t
 }
 break;
 case NO_AUTH:
+ /* Any unbound session is a candidate */
+ if (sptr->wc_session == 0) {
+ /* FIXME -- look for a session that is not only a candidate, but is
+ * also NOT CURRENTLY LOCKED. This will cause the proper size pool
+ * to be created.
+ */
+ TheSession = sptr;
+ }
 break;
 }
 }
@@ -477,6 +485,7 @@ void context_loop(ParsedHttpHdrs *Hdr)
 wcsession *TheSession;
 struct timeval tx_start;
 struct timeval tx_finish;
+ int session_may_be_reused = 1;
 gettimeofday(&tx_start, NULL); /* start a stopwatch for performance timing */
@@ -535,6 +544,10 @@ void context_loop(ParsedHttpHdrs *Hdr)
 CheckAuthBasic(Hdr);
 }
+ if (Hdr->HR.got_auth) {
+ session_may_be_reused = 0;
+ }
+
 /*
 * See if there's an existing session open with the desired ID or user/pass
 */
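Review bot: The new `NO_AUTH` branch accepts any session whose `wc_session == 0` without checking whether another thread is currently using it, and since nothing stops the scan after a match, the last candidate in the list wins. As the FIXME itself admits, concurrent cookieless requests can all be handed the same session object; if callers then block on that session's mutex (the locking is outside this hunk), a crawler that used to fill the session table can instead stall every anonymous visitor behind one session. Until the in-use check exists, the limitation belongs in the function's header comment as well, e.g. `/* NO_AUTH may return a session that another thread still holds; the caller serialises on SessionMutex */`. It is also worth confirming that `sptr->wc_session` is read here under the same lock that protects the write in context_loop. FindSession's body starts and ends outside the hunk.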
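Review bot: The reuse decision in the third hunk hinges entirely on `Hdr->HR.got_auth`, but nothing visible here says which credentials set that field; only the `CheckAuthBasic(Hdr)` call appears in the context lines. The commit message promises that a request carrying a session cookie keeps its session, so the new `if` should state that contract, for example `/* got_auth is set for a session cookie as well as HTTP auth; such a request owns its session and must never be unbound */`. If `got_auth` can be left unset for a cookie that was presented but not recognised, that case deserves a sentence too, since the session serving that request is then treated as reusable. context_loop's body extends outside the hunk.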
@@ -593,6 +606,16 @@ void context_loop(ParsedHttpHdrs *Hdr)
 session_detach_modules(TheSession);
+ /* If *this* very transaction did not explicitly specify a session cookie,
+ * and it did not log in, we want to flag the session as a candidate for
+ * re-use by the next unbound client that comes along. This keeps our session
+ * table from getting bombarded with new sessions when, for example, a web
+ * spider crawls the site without using cookies.
+ */
+ if ((session_may_be_reused) && (!WC->logged_in)) {
+ WC->wc_session = 0;
+ }
+
 TheSession->Hdr = NULL;
 CtdlLogResult(pthread_mutex_unlock(&TheSession->SessionMutex));
 }
--
2.30.2
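Review bot: Unbinding resets only `wc_session`, so anything else the previous visitor left in the session object is inherited by the next cookieless client that FindSession hands it to. The fields of a wcsession are not visible in this hunk, so this needs an explicit audit: state derived from the visitor or the request (preferences, cached output, tokens) should be reset together with the ID, or documented as safe to share between unrelated clients. The new block also goes through `WC` while the surrounding lines use `TheSession`; assuming both name the same object, `if (session_may_be_reused && !TheSession->logged_in) { TheSession->wc_session = 0; }` keeps the unbinding visibly tied to the session whose mutex is still held. context_loop's body extends outside the hunk.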