Re: [squid-users] Session helper question

From: Tuc at T-B-O-H.NET <ml@dont-contact.us>
Date: Sun, 29 Apr 2007 14:43:46 -0400 (EDT)

> l=C3=B6r 2007-04-21 klockan 16:49 -0400 skrev Tuc at T-B-O-H.NET:
>
> > I don't see it. I look at the man page from 3.0.PRE5 and=20
> > 2.6.STABLE12 . =20
> >=20
> > I'll guess that you should either use -t or -a.
>
> You may use a -t if you like, but there is a default value if you don't.
>
> You should not use -a, see the text after the -a option for a
> description of how the helper works when you don't use -a.
>
> "Without this flag the helper automatically starts the
> session after the first request."
>
        But your contridicting yourself. The email that started this
all contained the following :

        "The above can be accomplished with the help of the session acl helper in
        it's active mode, combined with a internal web server for serving the
        splash page and redirecting the user back to the requested URL when
        clicking on Connect."

        SO, thats what I want to do. I want to use the session
acl helper, in "-a" or active mode, and I'll put up an internal Apache
server to put out our splash page. When the user is authenticated and
done, I'll redirect them to the requested URL. So first you tell me I
need active, then you tell me I don't. I don't want automatic session
starting, I want to decide that when I'm satisfied THEN the user
will have a session started.
>
> > Your frst reply to me told me to use it in the active mode, so
> > that would be -a. The example was removed between 2.6.STABLE12
> > and 3.0.PRE5.
>
> What I tried to tell you was to read the man page text after the -a
> option, explaining how the helper operates when not using -a (i.e. what
> is the default mode of operation).
>
        I meant in a much more previous email, not a currently
previous email.
>
> You may use the active mode if you like, but it's somewhat more
> complicated to use. It's meant for situations where user must actively
> accept a terms-of-use page or similar before they are allowed to browse.
>
        Which is exactly what I want. And all I'm looking for is
WHAT is used to determine that the "session" is there. Is it a cookie?
A pop up? A mac address? An IP address?
>
> And the example has not been removed. It's 3.0.PRE5 which is not yet
> updated.
>
        Ok, thanks.
>
> > So looking at the example, and it talks about
> > an argument LOGIN, which I don't understand whats part of that
> > argument. It also talks about sessions, but what constitutes a
> > session? Is it from the same IP, from the same browser, etc.=20
>
> Arguments is sent via the acl directive.
>
> A session identifier is whatever you send to the helper. Could be any of
> the above, as per your external_acl_type definition.
>
        What is the way in the example? I don't see it passing anything
it seems except %LOGIN. Whats %LOGIN comprimised of?
>
> > Is it possible to give an example of how the flow
> > goes, what the browser and squid do back and forth?
>
> It's no flow in such sense. It's just a definition of what identifies a
> session in external_acl_type, and then the helper monitoring the
> activity of the session and timing out the session when idle (or
> alternatively explicit login/logout actions when using the -a option).
>
> Regards
> Henrik
>
        There is a flow...

        1) User attempts to access a.b.c.d
        2) Squid sents to acl helper
        3) ACL helper matches BLAH against BLEH
        4) If there is a match, page can be retrived
        4b) If not, then user is directed to another page
        5) When BLOOP is done, a FROIBLE is stored and....

        So I'm trying to find out what the ACL is matching
to see if the user was seen or not...

                        Thanks, Tuc
Received on Sun Apr 29 2007 - 12:43:54 MDT

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT