1ext_session_acl(8) System Manager's Manual ext_session_acl(8)
2
6 ext_session_acl - Squid session tracking external acl helper.
7 Version 1.2
9
11 ext_session_acl [-t timeout ] [-b database ] [-a]
12
14 ext_session_acl maintains a concept of sessions by monitoring requests
15 and timing out sessions. The timeout is based either on idle use ( -t )
16 or a fixed period of time ( -T ). The former is suitable for displaying
17 terms and conditions to a user; the latter is suitable for the display
18 of advertisements or other notices (both as a splash page - see config
19 examples in the wiki online). The session helper can also be used to
20 force users to re-authenticate if the %LOGIN and -a are both used.
21
23 -t timeout Idle timeout for any session. The default if not specified
24 (set to 3600 seconds).
25 -T timeout Fixed timeout for any session. This will end the session
27 after the timeout regardless of a user's activity. If used
28 with active mode, this will terminate the user's session
29 after timeout , after which another LOGIN will be required.
30 LOGOUT will reset the session and timeout.
31 -b path Path to persistent database. If a file is specified then
33 that single file is used as the database. If a path is
34 specified, a Berkeley DB database environment is created
35 within the directory. The advantage of the latter is better
36 database support between multiple instances of the session
37 helper. Using multiple instances of the session helper with
38 a single database file will cause synchronization problems
39 between processes. If this option is not specified the
40 session details will be kept in memory only and all ses‐
41 sions will reset each time Squid restarts its helpers
42 (Squid restart or rotation of logs).
43 -a Active mode. In this mode sessions are started by evaluat‐
45 ing an acl with the argument LOGIN , or terminated by the
46 argument LOGOUT . Without this flag the helper automati‐
47 cally starts the session after the first request.
48
50 The ext_session_acl helper is a concurrent helper; therefore, the con‐
51 currency= option must be specified in the configuration.
52 Passive session configuration example using the default automatic mode
54 external_acl_type session ttl=300 negative_ttl=0 children=1 con‐
55 currency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl
56 acl session external session
57 http_access deny !session
58 deny_info http://your.server.example.com/bannerpage?url=%s ses‐
59 sion
60 Then set up http://your.server.example.com/bannerpage to display a ses‐
62 sion startup page and then redirect the user back to the requested URL
63 given in the url query parameter.
64
66 This program and documentation was written by Henrik Nordstrom <hen‐
67 rik@henriknordstrom.net> Andrew Beverley <andy@andybev.com>
68
70 * Copyright (C) 1996-2020 The Squid Software Foundation and contribu‐
71 tors
72 *
73 * Squid software is distributed under GPLv2+ license and includes
74 * contributions from numerous individuals and organizations.
75 * Please see the COPYING and CONTRIBUTORS files for details.
76 This program and documentation is copyright to the authors named above.
78 Distributed under the GNU General Public License (GNU GPL) version 2 or
80 later (GPLv2+).
81
83 Questions on the usage of this program can be sent to the Squid Users
84 mailing list <squid-users@lists.squid-cache.org>
85
87 Bug reports need to be made in English. See http://wiki.squid-
88 cache.org/SquidFaq/BugReporting for details of what you need to include
89 with your bug report.
90 Report bugs or bug fixes using http://bugs.squid-cache.org/
92 Report serious security bugs to Squid Bugs <squid-bugs@lists.squid-
94 cache.org>
95 Report ideas for new improvements to the Squid Developers mailing list
97 <squid-dev@lists.squid-cache.org>
98
100 squid(8), GPL(7),
101 The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
102 The Squid Configuration Manual http://www.squid-cache.org/Doc/config/
103 9 October 2011 ext_session_acl(8)