ext_session_acl man page

ext_session_acl — Squid session tracking external acl helper.

Version 1.2


ext_session_acl [-t timeout ] [-b database ] [-a]


ext_session_acl maintains a concept of sessions by monitoring requests and timing out sessions. The timeout is based either on idle use ( -t ) or a fixed period of time ( -T ). The former is suitable for displaying terms and conditions to a user; the latter is suitable for the display of advertisements or other notices (both as a splash page - see config examples in the wiki online). The session helper can also be used to force users to re-authenticate if the %LOGIN and -a are both used.


-t timeout

Idle timeout for any session. The default if not specified (set to 3600 seconds).

-T timeout

Fixed timeout for any session. This will end the session after the timeout regardless of a user's activity. If used with active mode, this will terminate the user's session after timeout , after which another LOGIN will be required. LOGOUT will reset the session and timeout.

-b path

Path to persistent database. If a file is specified then that single file is used as the database. If a path is specified, a Berkeley DB database environment is created within the directory. The advantage of the latter is better database support between multiple instances of the session helper. Using multiple instances of the session helper with a single database file will cause synchronization problems between processes. If this option is not specified the session details will be kept in memory only and all sessions will reset each time Squid restarts its helpers (Squid restart or rotation of logs).


Active mode. In this mode sessions are started by evaluating an acl with the argument LOGIN , or terminated by the argument LOGOUT . Without this flag the helper automatically starts the session after the first request.


The ext_session_acl helper is a concurrent helper; therefore, the concurrency= option must be specified in the configuration.

Passive session configuration example using the default automatic mode

external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl
acl session external session
http_access deny !session
deny_info http://your.server.example.com/bannerpage?url=%s session

Then set up http://your.server.example.com/bannerpage to display a session startup page and then redirect the user back to the requested URL given in the url query parameter.


This program and documentation was written by Henrik Nordstrom <henrik@henriknordstrom.net> Andrew Beverley <andy@andybev.com>


Questions on the usage of this program can be sent to the Squid Users mailing list <squid-users@squid-cache.org>

Reporting Bugs

Bug reports need to be made in English. See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.

Report bugs or bug fixes using http://bugs.squid-cache.org/

Report serious security bugs to Squid Bugs <squid-bugs@squid-cache.org>

Report ideas for new improvements to the Squid Developers mailing list <squid-dev@squid-cache.org>

See Also

squid(8), GPL(7),
The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq
The Squid Configuration Manual http://www.squid-cache.org/Doc/config/

Referenced By


9 October 2011