PR56052: resolve problems with expired sessions

session_load providers cache the session_rec pointer, so hollow
them out and reuse them instead of replacing them.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874673 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_session: Fix an issue that blocked new sessions being created after
+     session expiration or other session errors. PR56052 [Eric Covener]
+
   *) mod_proxy_hcheck: Allow healthcheck expressions to use %{Content-Type}.
      PR64140. [Renier Velazco <renier.velazco upr.edu>]
 

modules/session/mod_session.c

@@ -137,22 +137,21 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
             ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
                     "error while decoding the session, "
                     "session not loaded: %s", r->uri);
-            zz = NULL;
+            /* preserve pointers to zz in load/save providers */
+            memset(zz, 0, sizeof(session_rec));
+            zz->pool = r->pool;
+            zz->entries = apr_table_make(zz->pool, 10);
         }
 
        /* invalidate session if session is expired */
         if (zz && zz->expiry && zz->expiry < now) {
             ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "session is expired");
-            zz = NULL;
-        }
-    }
-
-    /* no luck, create a blank session */
-    if (!zz) {
-        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
+            /* preserve pointers to zz in load/save providers */
+            memset(zz, 0, sizeof(session_rec));
             zz->pool = r->pool;
             zz->entries = apr_table_make(zz->pool, 10);
         }
+    }
 
     /* make sure the expiry and maxage are set, if present */
     if (dconf->maxage) {