From 9d7339f317024dc6d0f082d08087fcf52301b0fe Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 29 May 2019 13:16:00 +0200 Subject: [PATCH] Perform quicker cleanup of sessions which their user explicitly disconnected When a user explicitly disconnects after the session is open, cleanup its entry immediatelly. That ensures that a radius server will be notified sooner, while anyconnect clients which disconnect early (before session is open), remain unaffected. Resolves: #210 Signed-off-by: Nikos Mavrogiannopoulos --- NEWS | 2 ++ doc/README-radius.md | 7 +++---- src/sec-mod-db.c | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 933d57df..3f6ead39 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,8 @@ - Added support for radius access-challenge (multifactor) authentication. - Fixed race condition when connect-script and disconnect-script are set, which could potentially cause a crash (#208). +- Perform quicker cleanup of sessions which their user explicitly + disconnected (#210). * Version 0.12.3 (released 2019-03-12) diff --git a/doc/README-radius.md b/doc/README-radius.md index 505a0ae0..d4b6bb7f 100644 --- a/doc/README-radius.md +++ b/doc/README-radius.md @@ -56,10 +56,9 @@ That value will be overridden by Acct-Interim-Interval if sent by the server. Note that the accounting session is reported as terminated as soon as -possible (there is a periodic server cleanup of old entries every 5mins) -when the user disconnects explicitly. Users which their session -disconnected due to timeout, have their connection remain valid -until the `cookie-timeout` value expires. +possible when the user disconnects explicitly. When the disconnection +is due to timeout or other network reasons, the users have their connection +remain valid until the `cookie-timeout` value expires. Dictionary diff --git a/src/sec-mod-db.c b/src/sec-mod-db.c index 30e40620..c3271432 100644 --- a/src/sec-mod-db.c +++ b/src/sec-mod-db.c 
@@ -198,7 +198,7 @@ void expire_client_entry(sec_mod_st *sec, client_entry_st * e) e->in_use--; if (e->in_use == 0) { if (e->vhost->perm_config.config->persistent_cookies == 0 && (e->discon_reason == REASON_SERVER_DISCONNECT || - e->discon_reason == REASON_SESSION_TIMEOUT)) { + e->discon_reason == REASON_SESSION_TIMEOUT || (e->session_is_open && e->discon_reason == REASON_USER_DISCONNECT))) { seclog(sec, LOG_INFO, "invalidating session of user '%s' "SESSION_STR, e->acct_info.username, e->acct_info.safe_id); /* immediately disconnect the user */
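Review bot: The new `(e->session_is_open && e->discon_reason == REASON_USER_DISCONNECT)` clause has no comment saying why an explicit disconnect invalidates the entry only once the session is open; that rationale exists only in the commit message. Because this condition decides when a session's cookie stops being honoured, I would record it next to the test, e.g. `/* a user disconnect before the session is open keeps the entry: anyconnect clients disconnect early and must remain unaffected */`. The added line is also long enough that the three reasons are hard to scan, so putting the new clause on its own continuation line after `REASON_SESSION_TIMEOUT ||` would follow the wrapping the condition already uses. The hunk does not show whether `discon_reason` and `session_is_open` are reset when an entry is reused or before this function is called, which is worth confirming against the rest of `expire_client_entry`, whose body starts and ends outside the hunk.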