Section: Maintenance Commands (8)
Updated: 9 October 2011
ext_session_acl - Squid session tracking external acl helper.
maintains a concept of sessions by monitoring requests
and timing out sessions. The timeout is based either on idle use (
) or a fixed period of time (
). The former is suitable for displaying terms and conditions to a user; the
latter is suitable for the display of advertisements or other notices (both as a
splash page - see config examples in the wiki online). The session helper can also be used
to force users to re-authenticate if the
are both used.
- -t timeout
Idle timeout for any session. The default if not specified (set to 3600 seconds).
- -T timeout
Fixed timeout for any session. This will end the session after the timeout regardless
of a user's activity. If used with
mode, this will terminate the user's session after
, after which another
will be required.
will reset the session and timeout.
- -b path
to persistent database. If a file is specified then that single file is
used as the database. If a path is specified, a Berkeley DB database
environment is created within the directory. The advantage of the latter
is better database support between multiple instances of the session
helper. Using multiple instances of the session helper with a single
database file will cause synchronization problems between processes.
If this option is not specified the session details will be kept in
memory only and all sessions will reset each time Squid restarts its
helpers (Squid restart or rotation of logs).
Active mode. In this mode sessions are started by evaluating an
acl with the argument
, or terminated by the argument
Without this flag the helper automatically starts the session after
the first request.
helper is a concurrent helper; therefore, the concurrency= option
be specified in the configuration.
Passive session configuration example using the default automatic mode
external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/ext_session_acl
acl session external session
http_access deny !session
deny_info http://your.server.example.com/bannerpage?url=%s session
Then set up
to display a session startup page and then redirect the user back to the requested URL given in the url query parameter.
This program and documentation was written by
Henrik Nordstrom <firstname.lastname@example.org>
Andrew Beverley <email@example.com>
* Copyright (C) 1996-2019 The Squid Software Foundation and contributors
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
This program and documentation is copyright to the authors named above.
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
Questions on the usage of this program can be sent to the
Squid Users mailing list
Bug reports need to be made in English.
for details of what you need to include with your bug report.
Report bugs or bug fixes using http://bugs.squid-cache.org/
Report serious security bugs to
Squid Bugs <firstname.lastname@example.org>
Report ideas for new improvements to the
Squid Developers mailing list
The Squid FAQ wiki
The Squid Configuration Manual