Feature Wiki

Information about planned and released features

Tabs

Abandon Sessions in WebDAV

Page Overview

1 Reasons to Abandon Feature
2 Technical Information
3 Contact
4 Funding
5 Discussion
6 Implementation

1 Reasons to Abandon Feature

Not all WebDAV clients support session-handling. The authentication from WebDAV itself happens over basic authentication. But if WebDAV detects a client, that sends a session ID with its request, it reuses this session.

The problem comes with the clients, which are not aware of sessions. Since these clients never send a session ID, ILIAS will create a new session for every request. This is a problem, because most clients send about 4 requests for a single action of the a user (some more, some less). E.g. to download a file: OPTIONS, PROPFIND, GET, PROPFIND. This means, that the session table will get a new entry for every single one of those request.

Since there is no simple way to detect if a client is aware of sessions or not, every client request without a session will get a session.

We would like to abandon the session feature for WebDAV in ILIAS 6.0 and backport it as bugfix to all supported versions. Since clients, even the ones with session handling, always send an “Authorization”-header, the sessions are not needed for WebDAV.

2 Technical Information

To prevent the creation of sessions, we propose to add following line to the authentication class of WebDAV (ilWebDAVAuthentication):

ilSession::enableWebAccessWithoutSession(true);

This function call makes sure, that ILIAS doesn’t add a new session to the table.

3 Contact

Author of the Request: Heer, Raphael [rheer]
Maintainer: Kergomard, Stephan [skergomard], Heer, Raphael [rheer]
Implementation of the feature is done by: Heer, Raphael [rheer]

4 Funding

Removing the feature from the ILIAS code base might need funding. If you are interest in funding this request, please add your name and institution to this list.

5 Discussion

JourFixe, ILIAS [jourfixe], 24 APR 2019 : We support the suggestion by the maintainer and accept to abandon sessions for WebDaV with 6.0. A backport to 5.3 and 5.4 should be possible after first experience with 6.0, esp. concerning performance when using LDAP authentication.

6 Implementation

This was implemented and tested for two month on our own installation. We have changed one little detail: We still create sessions for clients we are sure use sessions (white listing). The implementation is in this commit: https://github.com/ILIAS-eLearning/ILIAS/commit/8cae377b068893ef1e67a6982a17b73dcbfa18b2

Approval

Approved at 26. August 2019 by Kergomard, Stephan [skergomard]. (Implementation by Heer, Raphael [rheer]

Last edited: 9. Dec 2019, 08:42, Kergomard, Stephan [skergomard]