Browseable session backend

Presentation

Browseable session backend (Apache::Session::Browseable) works exactly like Apache::Session::* corresponding module but add index that increase session explorer and session restrictions performances.

If you use features like SAML (authentication and issuer), CAS (issuer) and password reset self-service, you also need to index some fields.

Without index, LL::NG will have to retrieve all sessions stored in backend and parse them to find the needed sessions. With index, LL::NG wil be able to get only wanted sessions from the backend.

The following table list fields to index depending on the feature you want to increase performance:

Feature	Fields to index
Database cleaup (cron)	_session_kind _utime
Session explorer	_session_kind ipAddr WHATTOTRACE
Session explorer (persistent sessions)	_session_kind _session_uid
Session restrictions	_session_kind ipAddr WHATTOTRACE

See Apache::Session::Browseable::* man page to see how use indexes.

WHATTOTRACE must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER). By default: _whatToTrace

It is advised to use separate session backends for standard sessions, SAML sessions and CAS sessions, in order to manage index separately.

Documentation below explains how set index on ipAddr and _whatToTrace. Adapt it to configure the index you need.

Browseable NoSQL

You can use Redis and set up the database like explained in Redis session backend.

You then just have to add the Index parameter in General parameters » Sessions » Session storage » Apache::Session module :

Required parameters
Name	Comment	Example
server	Redis server	127.0.0.1:6379
Index	Index	_whatToTrace ipAddr

Browseable SQL

This documentation concerns PostgreSQL. Some adaptations are needed with other databases.

Prepare database

Database must be prepared exactly like in SQL session backend except that a field must be added for each data to index.

 Apache::SESSION::Browseable::Postgres example:
<code sql>
CREATE UNLOGGED TABLE sessions (
    id VARCHAR(64) NOT NULL PRIMARY KEY,
    a_session text,
    _whatToTrace text,
    _session_kind text,
    _utime BIGINT,
    USER text,
    ipAddr text
);
CREATE INDEX uid1 ON sessions USING BTREE (_whatToTrace);
CREATE INDEX s1   ON sessions (_session_kind);
CREATE INDEX u1   ON sessions (_utime);
CREATE INDEX ip1  ON sessions USING BTREE (ipAddr);

For Session Explorer and one-off sessions, it is recommended to use BTREE or any index method that indexes partial content.

“id” fieds is set to varchar(64) (instead of char(32)) to use the now recommended SHA256 hash algorithm. See Sessions for more details.

With new Apache::Session::Browseable::PgHstore and PgJSON, you don't need to declare indexes in CREATE TABLE since “json” and “hstore” type are browseable. You should anyway add some indexes (see manpage).

Manager

Go in the Manager and set the session module (Apache::Session::Browseable::MySQL for MySQL) in General parameters » Sessions » Session storage » Apache::Session module and add the following parameters (case sensitive):

Required parameters
Name	Comment	Example
DataSource	The DBI string	dbi:Pg:database=sessions
UserName	The database username	lemonldapng
Password	The database password	mysuperpassword
Index	Index	_whatToTrace ipAddr _session_kind _utime

Apache::Session::Browseable::MySQL doesn't use locks so performances are keeped.

For databases like PostgreSQL, don't forget to add “Commit” with a value of 1

Browseable LDAP

Go in the Manager and set the session module to Apache::Session::Browseable::LDAP. Then configure the options like in LDAP session backend.

You need to add the Index field and can also configure the ldapAttributeIndex field to set the attribute name where index values will be stored.

Required parameters
Name	Comment	Example
ldapServer	URI of the server	ldap://localhost
ldapConfBase	DN of sessions branch	ou=sessions,dc=example,dc=com
ldapBindDN	Connection login	cn=admin,dc=example,dc=password
ldapBindPassword	Connection password	secret
Index	Index list	_whatToTrace ipAddr
Optional parameters
Name	Comment	Default value
ldapObjectClass	Objectclass of the entry	applicationProcess
ldapAttributeId	Attribute storing session ID	cn
ldapAttributeContent	Attribute storing session content	description
ldapAttributeIndex	Attribute storing index	ou

Security

Restrict network access to the backend.

You can also use different user/password for your servers by overriding parameters globalStorage and globalStorageOptions in lemonldap-ng.ini file.

Performances

Here are some recommended configurations:

Browseable::Postgres:

CREATE UNLOGGED TABLE sessions (
    id VARCHAR(64) NOT NULL PRIMARY KEY,
    a_session text,
    _whatToTrace text,
    _session_kind text,
    _utime BIGINT,
    USER text,
    ipAddr VARCHAR(64)
);
CREATE INDEX uid1 ON sessions USING BTREE (_whatToTrace text_pattern_ops);
CREATE INDEX _s1 ON sessions (_session_kind);
CREATE INDEX _u1 ON sessions (_utime);
CREATE INDEX ip1 ON sessions USING BTREE (ipAddr)

Browseable::MySQL:

CREATE TABLE sessions (
    id VARCHAR(64) NOT NULL PRIMARY KEY,
    a_session text,
    _whatToTrace VARCHAR(64),
    _session_kind VARCHAR(15),
    USER text,
    _utime BIGINT
);
CREATE INDEX uid1 ON sessions (_whatToTrace) USING BTREE;
CREATE INDEX _s1 ON sessions (_session_kind);
CREATE INDEX _u1 ON sessions (_utime);
CREATE INDEX ip1 ON sessions (ipAddr) USING BTREE;

Table of Contents