Hello,
Would it be possible to extend this protocol:
http://wiki.codemongers.com/NginxImapCoreModule
with logout (connection closed, timeout, etc) events?
Something like this:
GET /close HTTP/1.0
Host: auth.server.hostname
Close-User: user
Close-Server: 192.168.1.10
Close-Port: 143
Close-Protocol: imap
Close-Cause:
logout|server_timeout|client_ssl_timeout|client_closed|server_closed|etc
Client-IP: 192.168.1.1
The main benefit would be that the authenticator application could build
a session table from live sessions, which is currently very hard to do.
This means after an authentication OK response is sent, nginx should
send a close event, no matter how the connection was lost (setting the
Close-Cause accordingly).
Thanks,
On śro, sie 27, 2008 at 10:39:01 +0200, Attila Nagy wrote:
Host: auth.server.hostname
This means after an authentication OK response is sent, nginx should
send a close event, no matter how the connection was lost (setting the
Close-Cause accordingly).
How would you distinguish between multiple sessions from the same
client? I guess you’d need a cookie set by the authenticator and sent by
nginx when the session ends.
Best regards,
Grzegorz N.
On Wed, Aug 27, 2008 at 10:59:16AM +0200, Grzegorz N. wrote:
GET /close HTTP/1.0
a session table from live sessions, which is currently very hard to do.
This means after an authentication OK response is sent, nginx should
send a close event, no matter how the connection was lost (setting the
Close-Cause accordingly).
How would you distinguish between multiple sessions from the same
client? I guess you’d need a cookie set by the authenticator and sent by
nginx when the session ends.
This is IMAP/POP3, but not HTTP, there are no cookies.
Hello!
On Wed, Aug 27, 2008 at 10:39:01AM +0200, Attila Nagy wrote:
Host: auth.server.hostname
send a close event, no matter how the connection was lost (setting the
Close-Cause accordingly).
I believe it’s wrong way to go. Such table should be build from
logs, not by authenticator.
Maxim D.
On 2008.08.27. 10:59, Grzegorz N. wrote:
The main benefit would be that the authenticator application could build
a session table from live sessions, which is currently very hard to do.
This means after an authentication OK response is sent, nginx should
send a close event, no matter how the connection was lost (setting the
Close-Cause accordingly).
How would you distinguish between multiple sessions from the same
client? I guess you’d need a cookie set by the authenticator and sent by
nginx when the session ends.
There are internal (or not so internal, because they can be logged)
identifiers which could be used as a session ID, but valid point, it
should be sent too.
On Wed, Aug 27, 2008 at 05:55:11PM +0400, Igor S. wrote:
How would you distinguish between multiple sessions from the same
client? I guess you’d need a cookie set by the authenticator and sent by
nginx when the session ends.
This is IMAP/POP3, but not HTTP, there are no cookies.
I know, but the communication with the authenticator is (AFAIK) over
HTTP. Nginx does not need any cookies because it knows exactly when a
session starts and when it ends (it’s a single TCP connection). However,
the proposed logout notifications would be separate HTTP requests so the
authenticator would have to associate them somehow.
One way would be for the authenticator to send a normal HTTP cookie,
which then Nginx sends back upon logout. Another simpler way would be to
send the client IP:port pair both on session start and on session end.
Best regards,
Grzegorz N.