Bug#556383: apache2-mpm-event: mod_cache CacheIgnoreURLSessionIdentifiers misbehaviour

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#556383: apache2-mpm-event: mod_cache CacheIgnoreURLSessionIdentifiers misbehaviour
From: Vitez Gabor <gabor.vitez@gmail.com>
Date: Sun, 15 Nov 2009 18:08:25 +0100
Message-id: <[🔎] 20091115170825.21715.14198.reportbug@localhost.localdomain>
Reply-to: Vitez Gabor <gabor.vitez@gmail.com>, 556383@bugs.debian.org

Package: apache2-mpm-event
Version: 2.2.14-2
Severity: normal


CacheIgnoreURLSessionIdentifiers fails to work properly, when two
session identifiers are used.

Background:
I'd like to use apache mod_mem_cache to accelerate a facebook app.
I'd like to strip the fb_sig_time and fb_sig request parameters, so request
from the same user, for the same pages would have a chance to hit the cache.

The application servers is using SCGI, I check from the SCGI servers log, if
the request was served from the apache cache, or by the application server.

Excerpt from the apache config file:
CacheIgnoreURLSessionIdentifiers fb_sig_time fb_sig

#tail of the application server log
vgoper1:/etc/apache2/sites-enabled# tail -f /var/www/new/logs/access.log &
vgoper1:/etc/apache2/sites-enabled# wget -O/dev/null -q 'http://127.0.01/?fb_sig_user=innocent&backdoor=secret&fb_sig_time=1'
127.0.0.1 - 2009-11-15 17:48:18 28736 "GET /?fb_sig_user=innocent&backdoor=secret&fb_sig_time=1 HTTP/1.0" 200 'Wget/1.12 (linux-gnu)' 0.20sec
#this was a cache miss
vgoper1:/etc/apache2/sites-enabled# wget -O/dev/null -q 'http://127.0.01/?fb_sig_user=innocent&backdoor=secret&fb_sig_time=2'
vgoper1:/etc/apache2/sites-enabled# wget -O/dev/null -q 'http://127.0.01/?fb_sig_user=innocent&backdoor=secret&fb_sig_time=3'
#two cache hits
vgoper1:/etc/apache2/sites-enabled# wget -O/dev/null -q 'http://127.0.01/?fb_sig_user=innocent&backdoor=secret&fb_sig=1'
127.0.0.1 - 2009-11-15 17:49:39 28736 "GET /?fb_sig_user=innocent&backdoor=secret&fb_sig=1 HTTP/1.0" 200 'Wget/1.12 (linux-gnu)' 0.08sec
#cache miss
vgoper1:/etc/apache2/sites-enabled# wget -O/dev/null -q 'http://127.0.01/?fb_sig_user=innocent&backdoor=secret&fb_sig=2'
127.0.0.1 - 2009-11-15 17:49:41 28736 "GET /?fb_sig_user=innocent&backdoor=secret&fb_sig=2 HTTP/1.0" 200 'Wget/1.12 (linux-gnu)' 0.07sec
#cache miss
vgoper1:/etc/apache2/sites-enabled# wget -O/dev/null -q 'http://127.0.01/?fb_sig_user=innocent&backdoor=secret&fb_sig=3'
127.0.0.1 - 2009-11-15 17:49:44 28736 "GET /?fb_sig_user=innocent&backdoor=secret&fb_sig=3 HTTP/1.0" 200 'Wget/1.12 (linux-gnu)' 0.07sec
#cache miss

kind regards:
Gabor Vitez

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31.6-bfs310 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Reply to:

Prev by Date: Processing of apache2_2.2.9-10+lenny6_i386.changes
Next by Date: Processing of apache2_2.2.3-4+etch11_i386.changes
Previous by thread: Processing of apache2_2.2.9-10+lenny6_i386.changes
Next by thread: apache2 override disparity
Index(es):
- Date
- Thread