ext_session_acl - Squid session tracking external acl helper.
timeout ] [-b
database ] [-a]
maintains a concept of sessions by monitoring requests
and timing out sessions. The timeout is based either on idle use ( -t
or a fixed period of time ( -T
). The former is suitable for displaying
terms and conditions to a user; the latter is suitable for the display of
advertisments or other notices (both as a splash page - see config examples in
the wiki online). The session helper can also be used to force users to
re-authenticate if the %LOGIN
are both used.
- -t timeout
- Idle timeout for any session. The default if not specified
(set to 3600 seconds).
- -T timeout
- Fixed timeout for any session. This will end the session
after the timeout regardless of a user's activity. If used with
active mode, this will terminate the user's session after
timeout , after which another LOGIN will be required.
LOGOUT will reset the session and timeout.
- -b path
- Path to persistent database. If a file is specified
then that single file is used as the database. If a path is specified, a
Berkeley DB database environment is created within the directory. The
advantage of the latter is better database support between multiple
instances of the session helper. Using multiple instances of the session
helper with a single database file will cause synchronisation problems
between processes. If this option is not specified the session details
will be kept in memory only and all sessions will reset each time Squid
restarts its helpers (Squid restart or rotation of logs).
- Active mode. In this mode sessions are started by
evaluating an acl with the argument LOGIN , or terminated by the
argument LOGOUT . Without this flag the helper automatically starts
the session after the first request.
helper is a concurrent helper; therefore, the
concurrency= option must
be specified in the configuration.
Passive session configuration example using the default automatic mode
external_acl_type session ttl=300
negative_ttl=0 children=1 concurrency=200 %LOGIN
acl session external session
http_access deny !session
deny_info http://your.server.example.com/bannerpage?url=%s session
Then set up http://your.server.example.com/bannerpage
to display a
session startup page and then redirect the user back to the requested URL
given in the url query parameter.
This program and documentation was written by Henrik Nordstrom
<email@example.com> Andrew Beverley
* Copyright (C) 1996-2016 The Squid Software Foundation and contributors
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
This program and documentation is copyright to the authors named above.
Distributed under the GNU General Public License (GNU GPL) version 2 or later
Questions on the usage of this program can be sent to the Squid Users mailing
Bug reports need to be made in English. See
http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need
to include with your bug report.
Report bugs or bug fixes using http://bugs.squid-cache.org/
Report serious security bugs to Squid Bugs
Report ideas for new improvements to the Squid Developers mailing list
The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
The Squid Configuration Manual http://www.squid-cache.org/Doc/config/