On Fri, 30 Sep 2011 20:07:29 +0100, Andrew Beverley wrote:
On Thu, 2011-09-29 at 13:49 +0200, Henrik Nordström wrote:
tis 2011-09-27 klockan 07:32 +0100 skrev Andrew Beverley:
> I'd like to find a way around this. The best way that I can think
of is
> to add an option to the session helper, to specify a URL that must
be
> present for the timeout to reset. This URL would then be contained
in
> the "continue" button on the splash page.
See the active mode which is intended for this kind of explicit
session
start.
Thanks Henrik. That looks spot on.
The URL match is done using Squid acls.
Could you point me in the direction of how to do this please? Looking
at
the documentation for the external_acl_type it states that "any
string
specified in the referencing acl will also be included in the helper
request line". Is that the way to achieve it? Something like this?
external_acl_type session concurrency=100 ttl=3 %SRC
/usr/lib/squid3/ext_session_acl -a -T 10800 -b
/var/lib/squid/session.db
acl existing_users external session
acl aclname urlpath_regex -i a_url_that_must_be_clicked LOGIN
deny_info http://nelsonwr.wardroom/announce.php?url=%s existing_users
http_access deny !existing_users expiry
(Sorry, I would just try it out myself, but I don't have a squid
instance to hand, and I want to get this up and running as soon as I
get
back!)
Something like this...
acl sessionLOGIN external session LOGIN
acl sessionLOGOUT external session LOGOUT
acl sessionIsActive external session
When the LOGIN/LOGOUT ACLs are tested they perform their action on the
session state. The ACLs leading up to them have to be crafted to avoid
testing them at all unless you want LOGIN/LOGOUT to happen on that
request....
acl clickedLoginURL urlpath_regex -i a_url_that_must_be_clicked
http_access allow clickedLoginURL sessionLOGIN
# http_access deny logout_conditions ... sessionLOGOUT
http_access deny !sessionIsActive
http_access allow ...
deny_info http://nelsonwr.wardroom/announce.php?url=%s
sessionIsActive
Amos