Browseable session backend

The Browseable session backend (Apache::Session::Browseable) works exactly like the corresponding Apache::Session::* module, but adds indexes that improve the performance of the session explorer and of session restrictions.

If you use features like SAML (authentication and issuer), CAS (issuer) and password reset self-service, you also need to index some fields.

The following table lists the fields to index depending on the feature you want to use:

Feature                        | Fields to index
Session explorer               | ipAddr WHATTOTRACE
Session restrictions           | ipAddr WHATTOTRACE
SAML authentication and issuer | _saml_id ProxyID _nameID _assert_id _art_id _session_id
CAS issuer                     | _cas_id
Password reset                 | user

WHATTOTRACE must be replaced by the attribute or macro configured in the What To Trace parameter (REMOTE_USER).

It is advised to use separate session backends for standard sessions, SAML sessions and CAS sessions, in order to manage the indexes separately.

The documentation below explains how to set indexes on ipAddr and _whatToTrace; adapt it to configure the indexes you need.

Setup

Prepare database

With Redis, you only have to prepare the Redis database. See Redis session backend.

Example with MySQL:

The database must be prepared exactly as for the SQL session backend, except that a column must be added for each field to index.

CREATE TABLE sessions (
    id char(32) NOT NULL PRIMARY KEY,
    a_session blob,
    _whatToTrace varchar(255),
    ipAddr varchar(15),
    KEY _whatToTrace (_whatToTrace),
    KEY ipAddr (ipAddr)
    );

Manager

Using Redis, you just have to add the “Index” parameter in General parameters » Sessions » Session storage » Apache::Session module:

Required parameters

Name   | Comment      | Example
server | Redis server | 127.0.0.1:6379
Index  | Index        | _whatToTrace ipAddr

Example with MySQL:

Go to the Manager, set the session module (Apache::Session::Browseable::MySQL for MySQL) in General parameters » Sessions » Session storage » Apache::Session module, and add the following parameters (case sensitive):

Required parameters

Name       | Comment               | Example
DataSource | The DBI string        | dbi:mysql:dbname=sessions
UserName   | The database username | lemonldapng
Password   | The database password | mysuperpassword
Index      | Index                 | _whatToTrace ipAddr

Apache::Session::Browseable::MySQL doesn't use locks, so performance is preserved.

For databases like PostgreSQL, don't forget to add “Commit” with a value of 1.

Security

Restrict network access to the database.

You can also use different users/passwords for your servers by overriding the globalStorage and globalStorageOptions parameters in the lemonldap-ng.ini file.
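
The following MySQL script is an added example, not part of the original documentation. It applies the advice above on separate SAML and CAS session backends, using the fields from the index table, and the Security advice on per-server database accounts. The table names samlsessions and cassessions, the varchar(255) column sizes, the account names, the host addresses and the passwords are assumptions or placeholders; the database name sessions comes from the DataSource example above.

```sql
-- Added example. Table names, column sizes, accounts, hosts and passwords
-- are assumptions/placeholders, not values from LemonLDAP::NG.

-- SAML sessions: one indexed column per field listed for
-- "SAML authentication and issuer".
CREATE TABLE samlsessions (
    id char(32) NOT NULL PRIMARY KEY,
    a_session blob,
    _saml_id varchar(255),
    ProxyID varchar(255),
    _nameID varchar(255),
    _assert_id varchar(255),
    _art_id varchar(255),
    _session_id varchar(255),
    KEY _saml_id (_saml_id),
    KEY ProxyID (ProxyID),
    KEY _nameID (_nameID),
    KEY _assert_id (_assert_id),
    KEY _art_id (_art_id),
    KEY _session_id (_session_id)
);

-- CAS sessions: only _cas_id is listed for "CAS issuer".
CREATE TABLE cassessions (
    id char(32) NOT NULL PRIMARY KEY,
    a_session blob,
    _cas_id varchar(255),
    KEY _cas_id (_cas_id)
);

-- One account per server, bound to that server's address (192.0.2.x are
-- constructed documentation addresses), so a connection from any other
-- host is refused even with a valid password.
CREATE USER 'llng_portal'@'192.0.2.10' IDENTIFIED BY 'REPLACE_WITH_PORTAL_PASSWORD';
CREATE USER 'llng_handler'@'192.0.2.20' IDENTIFIED BY 'REPLACE_WITH_HANDLER_PASSWORD';

-- Row-level privileges only: no DDL, no GRANT OPTION, no other schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON sessions.sessions     TO 'llng_portal'@'192.0.2.10';
GRANT SELECT, INSERT, UPDATE, DELETE ON sessions.samlsessions TO 'llng_portal'@'192.0.2.10';
GRANT SELECT, INSERT, UPDATE, DELETE ON sessions.cassessions  TO 'llng_portal'@'192.0.2.10';

-- Assumption: this host only works with standard sessions; extend the
-- grants if your deployment differs.
GRANT SELECT, INSERT, UPDATE, DELETE ON sessions.sessions     TO 'llng_handler'@'192.0.2.20';
```

Each server then supplies its own UserName and Password through globalStorageOptions in its lemonldap-ng.ini file, so a credential leaked from one host can be revoked without touching the others.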