Questions[session](server)

I run a debian squeeze standard Apache installation (2.2) and make use of SSLClientCertificates to authorize users. This works fine so far.

But we noticed a slow down of some parallel requests and tried to check if my SSLSessionCache is working.

So I checked my localhost/server-status and it reads like this:

SSL/TLS Session Cache Status:
cache type: SHMCB, shared memory: 512000 bytes, current sessions: 0
subcaches: 32, indexes per subcache: 133
index usage: 0%, cache usage: 0%
total sessions stored since starting: 0
total sessions expired since starting: 0
total (pre-expiry) sessions scrolled out of the cache: 0
total retrieves since starting: 0 hit, 0 miss
total removes since starting: 0 hit, 0 miss

Seems to be running but whatever SSL request I make, all counters stay at 0, so no sessions are cached.

I tried to set KeepAlive Off, to let every request establish a new SSL connection, but still I see no numbers counting up in my SSLSessionCache Status.

This is my SSLSessionCache Configuration from standard debian mods-enabled/ssl.conf:

SSLSessionCache        shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex               file:${APACHE_RUN_DIR}/ssl_mutex

in my ${APACHE_RUN_DIR} I see no files at all, no ssl_mutex and no ssl_cache file. When I switch my SSLSessionCache to

SSLSessionCache         dbm:${APACHE_RUN_DIR}/ssl_scache

I can see a file in this directory, but all status numbers are still zero.

I tried to set LogLevel to debug. The only messages I get about the ssl cache are:

$ grep cache /var/log/apache2/error.log

ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
ssl_scache_shmcb.c(272): for 511920 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
ssl_scache_shmcb.c(308): subcache_num = 32
ssl_scache_shmcb.c(310): subcache_size = 15992
ssl_scache_shmcb.c(312): subcache_data_offset = 3208
ssl_scache_shmcb.c(314): subcache_data_size = 12784
ssl_scache_shmcb.c(316): index_num = 133
Shared memory session cache initialised
ssl_scache_shmcb.c(452): [client xyz] inside shmcb_status
ssl_scache_shmcb.c(512): [client xyz] leaving shmcb_status

(removed date an loglevel for readability, replaced IP for privacy)

So here are my questions:

1. Is it correct to have no files for mutex and sessionCache in the given directory?
2. If yes, how to prove my SessionCache is working?

I've done some research into this and have not found a definitive answer.

We have a web app that is using the PHP+Memcache session handler.

I have several questions, all interrelated, but ultimately my issue is, "Why are PHP sessions apparently not expiring when we think they should be?" i.e. The end user should be logged out of the app after a set time, but is not.

Here are the dots, please help me connect them, and tell me where I am mistaken:

• My understanding is that Memcache expires keys based on the set time, in seconds (or unix timestamp for larger values).
• The expiration is lazy -- i.e. nothing is deleted in advance
• The PHP memecache session handler uses the sessions.gc_max_lifetime to set the memcache key expiration. idk, maybe it doesn't?
• Memcache should, on serving a requested key and seeing that it is expired, not serve it (and then maybe also delete it?). But at least not serve it.
• This act of not serving it should, to PHP, equate to a deleted session and the user being logged out.

Users are not being logged out.

How can I even debug this? Memcache isn't exactly transparent.

The example case that has not been working is a site with a session timeout set to two hours. An example user would last use the site at night, and then, 8 - 10 hours later, come back to the site and still be logged on.

One of my sites is hosted via Amazon EC2 service. The problem starts happening when the site faces a heavy load which in turn spawns a new EC2 instance via AutoScaling. This is good but the issue is when these instances are killed (due to lack of load) the session information is also lost, and hence forcing the user to re-login in to the site.

What is the best way to approach this problem?

I have looked in to Memcached Session Manager & it works fine for Sticky sessions but causing problems when I try to use Non-sticky sessions since I make a lot of parallel requests to my server.

My current server is Apache+Tomcat

Any pointers helpful. Thanks.

(cross post from webmasters.stackexchange)

The ASP.net State Service appears to have mysteriously disappeared from our web server's Services list after changing the .Net version in an IIS app pool to v4 and then changing it back to v3.5 again. We're not even sure if that's related.

Does anyone know how we can reinstall or somehow register the service?

This is on a Windows 2008 Server. All .Net versions are installed.

Thanks

How do I run a script each time I unlock my Windows 7 session?

So, if I lock my session and then log in again, I want the script to run.

Do login scripts configured in the Group Policy do this or will they only work the first time?