Merge branch 'tmp-better-cleanup' into 'master'

Perform quicker cleanup of sessions which their user explicitly disconnected

Closes #210

See merge request openconnect/ocserv!102

NEWS

@@ -2,6 +2,8 @@
 - Added support for radius access-challenge (multifactor) authentication.
 - Fixed race condition when connect-script and disconnect-script are
   set, which could potentially cause a crash (#208).
+- Perform quicker cleanup of sessions which their user explicitly
+  disconnected (#210).
 
 
 * Version 0.12.3 (released 2019-03-12)

doc/README-radius.md

@@ -56,10 +56,9 @@ That value will be overridden by Acct-Interim-Interval if sent
 by the server.
 
 Note that the accounting session is reported as terminated as soon as
-possible (there is a periodic server cleanup of old entries every 5mins)
-when the user disconnects explicitly. Users which their session
-disconnected due to timeout, have their connection remain valid
-until the `cookie-timeout` value expires.
+possible when the user disconnects explicitly. When the disconnection
+is due to timeout or other network reasons, the users have their connection
+remain valid until the `cookie-timeout` value expires.
 
 
 Dictionary

src/sec-mod-db.c

@@ -198,7 +198,7 @@ void expire_client_entry(sec_mod_st *sec, client_entry_st * e)
 		e->in_use--;
 	if (e->in_use == 0) {
 		if (e->vhost->perm_config.config->persistent_cookies == 0 && (e->discon_reason == REASON_SERVER_DISCONNECT ||
-		    e->discon_reason == REASON_SESSION_TIMEOUT)) {
+		    e->discon_reason == REASON_SESSION_TIMEOUT || (e->session_is_open && e->discon_reason == REASON_USER_DISCONNECT))) {
 			seclog(sec, LOG_INFO, "invalidating session of user '%s' "SESSION_STR,
 			       e->acct_info.username, e->acct_info.safe_id);
 			/* immediately disconnect the user */