Browseable session backend

Presentation

The browseable session backend (Apache::Session::Browseable) works exactly like the corresponding Apache::Session::* module, but adds indexes that improve the performance of the session explorer and of session restrictions.

If you use features like SAML (authentication and issuer), CAS (issuer) and password reset self-service, you also need to index some fields.

Without an index, LL::NG has to retrieve all sessions stored in the backend and parse them to find the ones it needs. With an index, LL::NG can fetch only the wanted sessions from the backend.

The following table lists the fields to index, depending on the feature whose performance you want to improve:

| Feature | Fields to index | Session storage |
|---|---|---|
| Session explorer | ipAddr WHATTOTRACE | global |
| Session explorer (persistent sessions) | _session_uid | persistent |
| Session restrictions | ipAddr WHATTOTRACE | global |
| SAML authentication and issuer | _saml_id ProxyID _nameID _assert_id _art_id _session_id | saml |
| CAS issuer | _cas_id | cas |
| Password reset | user | global |
| Register | mail | global |

WHATTOTRACE must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER).

It is advised to use separate session backends for standard sessions, SAML sessions and CAS sessions, in order to manage indexes separately.

The documentation below explains how to set indexes on ipAddr and _whatToTrace. Adapt it to configure the indexes you need.

Browseable NoSQL

You can use Redis and set up the database as explained in Redis session backend.

You then just have to add the Index parameter in General parameters » Sessions » Session storage » Apache::Session module:

Required parameters

| Name | Comment | Example |
|---|---|---|
| server | Redis server | 127.0.0.1:6379 |
| Index | Index | _whatToTrace ipAddr |

Browseable SQL

This documentation concerns MySQL. Some adaptations are needed with other databases.

Prepare database

The database must be prepared exactly as in SQL session backend, except that a column must be added for each field to index.

CREATE TABLE sessions (
    id CHAR(64) NOT NULL PRIMARY KEY,
    a_session BLOB,               -- serialized session content
    _whatToTrace VARCHAR(255),    -- indexed copy of the session field
    ipAddr VARCHAR(15),           -- 15 characters holds IPv4; widen it if clients connect over IPv6
    KEY _whatToTrace (_whatToTrace),
    KEY ipAddr (ipAddr)
    );
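The difference between the two lookups, as an added example that is not LL::NG or Apache::Session::Browseable code. It assumes Python's sqlite3 in place of MySQL and JSON in place of the module's session serialization, and uses the table layout above with constructed sample sessions; all function names are hypothetical.

```python
import json
import sqlite3

INDEXED = ("_whatToTrace", "ipAddr")  # the Index parameter from this page
# Constructed sample sessions (id, user, client IP); not real data.
SAMPLE = [("a" * 64, "dwho", "192.0.2.10"), ("b" * 64, "rtyler", "192.0.2.11"),
          ("c" * 64, "dwho", "198.51.100.7")]

def make_store(sessions=SAMPLE):
    """Create the page's table layout in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (id CHAR(64) NOT NULL PRIMARY KEY,"
               " a_session BLOB, _whatToTrace VARCHAR(255), ipAddr VARCHAR(15))")
    for col in INDEXED:
        db.execute(f"CREATE INDEX idx_{col} ON sessions ({col})")
    for sid, user, ip in sessions:
        blob = json.dumps({"_session_id": sid, "_whatToTrace": user, "ipAddr": ip})
        # Indexed fields are copied out of the opaque blob into their own columns.
        db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)",
                   (sid, blob.encode(), user, ip))
    return db

def find_without_index(db, field, value):
    """No index: fetch every row, deserialize every blob, filter in the client."""
    rows = db.execute("SELECT id, a_session FROM sessions").fetchall()
    hits = sorted(sid for sid, blob in rows if json.loads(blob).get(field) == value)
    return hits, len(rows)

def _check(field):
    if field not in INDEXED:  # allow-list: the name is interpolated into SQL below
        raise ValueError(f"{field} is not an indexed field")

def find_with_index(db, field, value):
    """With index: the database returns only the matching rows."""
    _check(field)
    rows = db.execute(f"SELECT id, a_session FROM sessions WHERE {field} = ?",
                      (value,)).fetchall()
    return sorted(sid for sid, _ in rows), len(rows)

def uses_index(db, field, value):
    """Ask the query planner whether the lookup is served by an index."""
    _check(field)
    plan = db.execute(f"EXPLAIN QUERY PLAN SELECT id FROM sessions WHERE {field} = ?",
                      (value,)).fetchall()
    return any("USING" in row[3] and "INDEX" in row[3] for row in plan)

if __name__ == "__main__":
    db = make_store()
    print(find_without_index(db, "_whatToTrace", "dwho"))  # all rows transferred
    print(find_with_index(db, "_whatToTrace", "dwho"))     # matching rows only
    print(uses_index(db, "ipAddr", "192.0.2.10"))
```

Both lookups return the same session ids; the second value in each result is the number of rows the backend had to hand over to produce them.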

Manager

Go to the Manager, set the session module (Apache::Session::Browseable::MySQL for MySQL) in General parameters » Sessions » Session storage » Apache::Session module, and add the following parameters (case sensitive):

Required parameters

| Name | Comment | Example |
|---|---|---|
| DataSource | The DBI string | dbi:mysql:dbname=sessions |
| UserName | The database username | lemonldapng |
| Password | The database password | mysuperpassword |
| Index | Index | _whatToTrace ipAddr |

Apache::Session::Browseable::MySQL doesn't use locks, so performance is preserved.

For databases like PostgreSQL, don't forget to add the “Commit” parameter with a value of 1.

Browseable LDAP

Go to the Manager and set the session module to Apache::Session::Browseable::LDAP. Then configure the options as in LDAP session backend.

You need to add the Index field, and you can also configure the ldapAttributeIndex field to set the name of the attribute where index values will be stored.

Required parameters

| Name | Comment | Example |
|---|---|---|
| ldapServer | URI of the server | ldap://localhost |
| ldapConfBase | DN of sessions branch | ou=sessions,dc=example,dc=com |
| ldapBindDN | Connection login | cn=admin,dc=example,dc=password |
| ldapBindPassword | Connection password | secret |
| Index | Index list | _whatToTrace ipAddr |

Optional parameters

| Name | Comment | Default value |
|---|---|---|
| ldapObjectClass | Objectclass of the entry | applicationProcess |
| ldapAttributeId | Attribute storing session ID | cn |
| ldapAttributeContent | Attribute storing session content | description |
| ldapAttributeIndex | Attribute storing index | ou |

Security

Restrict network access to the backend.

You can also use a different user/password for each of your servers by overriding the globalStorage and globalStorageOptions parameters in the lemonldap-ng.ini file.