Topic: How do I get mod_session_dbd to work?
Author
Peter_V



Joined: 18 Feb 2015
Posts: 1
Location: USA, Hereford AZ

Posted: Wed 18 Feb '15 23:16    Post subject: How do I get mod_session_dbd to work?

I'm running Apache 2.4 on Archlinux with Drupal 7. We are using smart card authentication into Drupal with the PKI_authentication module.
Note: this is just a test setup I'm using at home trying to figure out how to make this work. The production setup is basically the same except for running on Windows 2008 R2.

I also have Apache set up as a reverse proxy to two internal servers using ProxyPass. I'm trying to limit access to the internal servers to only authorized users. Initially I've tried using "SSLVerifyClient require", which doesn't limit access to authorized users but at least requires them to use a recognized smart card.

The problem is that the two internal servers refer the browser back and forth between them and even open frames with the other server inside. Every time the browser gets redirected to the other server the user has to re-authenticate.

Since Drupal uses a session cookie and stores the value for this cookie in a SQL database, I thought I could use mod_session_dbd to verify the user is already authenticated. However, the documentation on mod_session_dbd is pretty useless.

Before going on, if someone can suggest a better way to accomplish the above goals I'd very much appreciate it.

The mod_session_dbd documentation (aside from mixing up the database name and session name) in the 'DBD Configuration' block gives an example of:

DBDPrepareSQL "update session set value = %s, expiry = %lld, key = %s where key = %s" updatesession

But it doesn't describe what these variables are. Based on the names it looks like they are referring to the 'key', 'value', & 'expiry' from the cookie. But that doesn't make any sense since everyone that visits the website will have a cookie with exactly the same 'key' (name of the cookie) so I can't update a particular session using just the cookie name, unless this is expected to update every open session to the same 'value', etc. as the current user?

I'm using a basically stock Drupal setup with the following changes (that don't work):

In httpd.conf:
------------------------------------------------
LoadModule session_module modules/mod_session.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule session_dbd_module modules/mod_session_dbd.so

DBDriver sqlite3
DBDParams "/srv/www/drupalDB/drupal.db"

DBDPrepareSQL "select uid from sessions where ssid = %s" selectsession
#uid is the userid of current user and ssid is the value in the cookie.
#Not sure what selectsession is expected to return.
#also tried DBDPrepareSQL "select ssid from sessions where ssid = %s" selectsession, but that didn't work either
#Not using deletesession, insertsession, etc at this time since I don't want to mess up the database
------------------------------------------------

In httpd-ssl.conf:
------------------------------------------------
<Location /site1>
# SSLRequireSSL
AuthType Basic
AuthName "Internal"
Session On
SessionDBDCookieName SSESS0ea0798a41d3d84e7bbc0af79a07cd87
SessionDBDPerUser On
SessionDBDSelectLabel selectsession
Require valid-user
ErrorDocument 401 /sites/default/misc/pki_authentication/index.php

</Location>
ProxyPass /site1 http://192.168.0.3/site1
ProxyPassReverse /site1 http://192.168.0.3/site1

-----------------------------------------------------

I'd appreciate any help. Thanks.
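
An added illustration, not part of the original post and not Apache's code: the statements from the mod_session_dbd documentation's 'DBD Configuration' block, run against an in-memory SQLite table to show what each placeholder is bound to. It follows that documentation in treating `key` as the per-session identifier (the UUID carried as the cookie's value, or the username when SessionDBDPerUser is On) and `value` as the encoded session contents; the table layout, helper names and sample values are constructed for the demonstration.

```python
import sqlite3
import uuid
from urllib.parse import urlencode, parse_qs

# Statements as given in the mod_session_dbd documentation, with the
# apr_dbd placeholders (%s, %lld) swapped for sqlite3's "?".
SQL = {
    "insertsession": "insert into session (value, expiry, key) values (?, ?, ?)",
    "updatesession": "update session set value = ?, expiry = ?, key = ? where key = ?",
    "selectsession": "select value from session where key = ? and (expiry = 0 or expiry > ?)",
}

def open_store():
    """Constructed table layout matching the column names in the statements."""
    db = sqlite3.connect(":memory:")
    db.execute("create table session (key text primary key, value text, expiry integer)")
    return db

def save(db, key, fields, expiry):
    """Store one session: update the row for this key, insert if none matched."""
    value = urlencode(fields)  # session contents serialized as one string
    cur = db.execute(SQL["updatesession"], (value, expiry, key, key))
    if cur.rowcount == 0:
        db.execute(SQL["insertsession"], (value, expiry, key))

def load(db, key, now):
    """Return the session for this key, or None if absent or expired."""
    row = db.execute(SQL["selectsession"], (key, now)).fetchone()
    if row is None:
        return None
    return {k: v[0] for k, v in parse_qs(row[0]).items()}

def demo():
    db = open_store()
    # Constructed cookie values: one unique identifier per browser session.
    alice, bob = str(uuid.uuid4()), str(uuid.uuid4())
    save(db, alice, {"user": "alice"}, expiry=2000)
    save(db, bob, {"user": "bob"}, expiry=0)  # expiry 0 never expires
    # Updating alice's row leaves bob's untouched: the key differs per session.
    save(db, alice, {"user": "alice", "role": "admin"}, expiry=2000)
    return load(db, alice, 1000), load(db, bob, 1000), load(db, alice, 3000)

if __name__ == "__main__":
    print(demo())
```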