Browseable session backend

The Browseable session backend (Apache::Session::Browseable) works exactly like the corresponding Apache::Session::* module, but adds indexes that improve the performance of the session explorer and of session restrictions.

Please use a recent version of Apache::Session::Browseable.

The current Debian wheezy version (0.7.1) is obsolete and not functional. The latest version can be found on CPAN: http://search.cpan.org/dist/Apache-Session-Browseable/

If you use features like SAML (authentication and issuer), CAS (issuer) and password reset self-service, you also need to index some fields.

The following table lists the fields to index, depending on the feature whose performance you want to improve:

Feature                          Fields to index
Session explorer                 ipAddr WHATTOTRACE _httpSessionType ipAddr
Session restrictions             ipAddr WHATTOTRACE
SAML authentication and issuer   _saml_id ProxyID _nameID _assert_id _art_id _session_id
CAS issuer                       _cas_id
Password reset                   user

WHATTOTRACE must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER).

It is advised to use separate session backends for standard sessions, SAML sessions and CAS sessions, in order to manage their indexes separately.

The documentation below explains how to set indexes on ipAddr and _whatToTrace; adapt it to configure the indexes you need.

Setup

Prepare database

Using Redis, you just have to prepare the Redis database. See Redis session backend.

Example with MySQL:

The database must be prepared exactly as for the SQL session backend, except that a field must be added for each piece of data to index.

CREATE TABLE sessions (
    id CHAR(32) NOT NULL PRIMARY KEY,
    a_session BLOB,
    _whatToTrace VARCHAR(255),
    ipAddr VARCHAR(15),
    KEY _whatToTrace (_whatToTrace),
    KEY ipAddr (ipAddr)
    );

Replace CHAR(32) with CHAR(64) if you use the now recommended SHA256 hash algorithm. See Sessions for more details.
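To show why each indexed field gets its own column, here is an added example (not part of the original documentation, nor code from Apache::Session::Browseable). It rebuilds the table above in an in-memory SQLite database and compares a lookup that must open every session blob with one that filters on the indexed column. SQLite and JSON stand in for MySQL and the module's own serialization, and the sample sessions and function names are constructed for illustration.

```python
import json
import sqlite3

INDEX = ("_whatToTrace", "ipAddr")  # same fields as the "Index" parameter
# Constructed sample sessions (not real data).
SAMPLE = {
    "a" * 32: {"_whatToTrace": "alice", "ipAddr": "192.0.2.10", "_utime": 1},
    "b" * 32: {"_whatToTrace": "bob", "ipAddr": "192.0.2.20", "_utime": 2},
    "c" * 32: {"_whatToTrace": "alice", "ipAddr": "192.0.2.30", "_utime": 3},
}

def open_store():
    """In-memory SQLite stand-in (assumption) for the MySQL table above."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE sessions (id CHAR(32) NOT NULL PRIMARY KEY, '
               'a_session BLOB, "_whatToTrace" VARCHAR(255), "ipAddr" VARCHAR(15))')
    for field in INDEX:
        db.execute(f'CREATE INDEX "idx_{field}" ON sessions ("{field}")')
    for sid, data in SAMPLE.items():
        # The blob holds the whole session; indexed fields are copied beside it.
        db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)",
                   (sid, json.dumps(data).encode(), *(data.get(f) for f in INDEX)))
    return db

def column(field):
    """Column names cannot be bound as parameters, so allowlist them."""
    if field not in INDEX:
        raise ValueError(f"{field!r} is not an indexed field")
    return f'"{field}"'

def search_by_scan(db, field, value):
    """Blob-only storage: every session is fetched and deserialized."""
    rows = db.execute("SELECT id, a_session FROM sessions").fetchall()
    return sorted(sid for sid, blob in rows if json.loads(blob).get(field) == value)

def search_by_index(db, field, value):
    """Indexed column: the database filters, no blob is opened."""
    rows = db.execute(f"SELECT id FROM sessions WHERE {column(field)} = ?", (value,))
    return sorted(row[0] for row in rows)

def query_plan(db, field):
    """SQLite's plan for the indexed lookup, as one string."""
    plan = db.execute(
        f"EXPLAIN QUERY PLAN SELECT id FROM sessions WHERE {column(field)} = ?", ("x",))
    return " ".join(row[3] for row in plan)

if __name__ == "__main__":
    store = open_store()
    print(search_by_index(store, "ipAddr", "192.0.2.20"))
    print(query_plan(store, "ipAddr"))
```

Both searches return the same session ids; only the indexed one avoids reading and deserializing every stored session, and a field that is not listed in the index is rejected instead of being interpolated into the query.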

Manager

Using Redis, you just have to add the “Index” parameter in General parameters » Sessions » Session storage » Apache::Session module:

Required parameters
Name     Comment        Example
server   Redis server   127.0.0.1:6379
Index    Index          _whatToTrace ipAddr

Example with MySQL:

Go to the Manager, set the session module (Apache::Session::Browseable::MySQL for MySQL) in General parameters » Sessions » Session storage » Apache::Session module, and add the following parameters (case sensitive):

Required parameters
Name         Comment                 Example
DataSource   The DBI string          dbi:mysql:dbname=sessions
UserName     The database username   lemonldapng
Password     The database password   mysuperpassword
Index        Index                   _whatToTrace ipAddr

Apache::Session::Browseable::MySQL doesn't use locks, so performance is preserved.

For databases like PostgreSQL, don't forget to add “Commit” with a value of 1.

Security

Restrict network access to the database.

You can also use a different user/password for each of your servers by overriding the globalStorage and globalStorageOptions parameters in the lemonldap-ng.ini file.