Writing a module to check validity of user sessions


i am currently writing a module which should send the session_id
cookie to an upstream, receive the upstreams answer, and based on the
answer decide if it should deliver a page for authenticated users or a
page for nonauthenticated ones. i do actually have a working version
now, but i think the way how i solved it is not very optimal yet
because i am kind of abusing the status_n integer of
upstream->headers_in of the upstream for something that it isn’t made
my current solution connects to the upstream, sends the session_id
cookie and then reads the first byte from the upstreams answers. if
the first byte is 0, it sets the upstreams http status code to 404, if
the first byte is a one it sets the status code to 403. then i just
use the ‘error_page’ directive to do an internal redirect to either
the authenticated location or the not authenticated location.

this works, but i think its not very nice…

i am looking for a way how i can do an internal redirect in my module
after i finished reading the reply from the upstream. i cannot do it
in the handler function because it returns before i got the answer
from the upstream. i tried using the internal_redirect function in the
callbacks which i can set on the upstream, but that doesn’t seem to
work for several reasons like segfaults everywhere.

i would be really glad about a tip how to do internal redirects after
reading an upstreams answer.

i attached my module, the module configuration and the nginx
configuration which is currently working the way i want with nginx

additionally i attached tcpserver.py, which is just a simple test
authentication server, it only returns a hardcoded 0 or 1 and i used
it for testing the module.

i hope i expressed more or less clearly what i am trying to achieve.

i would be really glad about any idea,


Use eval module.

Best regards,
Piotr S. < [email protected] >

looks great, i will try that,


thanks for the tip, the combination with mod_eval works great.

i modified my module a little and use it in combination with mod_eval
to create a variable in the nginx config file that contains the
authentication status of a user.

my colleague alvaro videla wrote a little python server which can give
me the authentication status of a user based on the php session cookie
which i am passing to him using the check_session module:

thats cool because we can now, using this variable in the nginx
config, cache pages in memcache which are specific to an
authentication level. thats going to save us a lot of cpu on our
really have php framework.

i attached my modified module and a test nginx config to the mail.