Improved session cleanup handling

Added session status "new" to mark sessions that are
in the session database to reserve the session id
but not resumable yet and that we want to separate from
sessions that has been invalidated for further reuse.

3 files changed, 37 insertions, 25 deletions

diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 9c658ecfba..0c44d3ae90 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -352,8 +352,7 @@ hello(start, #state{host = Host, port = Port, role = client,
     State1 = State0#state{connection_states = CS2,
 			 negotiated_version = Version, %% Requested version
 			  session =
-			      Session0#session{session_id = Hello#client_hello.session_id,
-					       is_resumable = false},
+			      Session0#session{session_id = Hello#client_hello.session_id},
 			  tls_handshake_hashes = Hashes1},
     {Record, State} = next_record(State1),
     next_state(hello, Record, State);
@@ -2008,16 +2007,16 @@ next_state_is_connection(State0) ->
 					       public_key_info = undefined,
 					       tls_handshake_hashes = {<<>>, <<>>}}).
 
-register_session(_, _, _, #session{is_resumable = true} = Session) ->
-    Session; %% Already registered
-register_session(client, Host, Port, Session0) ->
+register_session(client, Host, Port, #session{is_resumable = new} = Session0) ->
     Session = Session0#session{is_resumable = true},
     ssl_manager:register_session(Host, Port, Session),
     Session;
-register_session(server, _, Port, Session0) ->
+register_session(server, _, Port, #session{is_resumable = new} = Session0) ->
     Session = Session0#session{is_resumable = true},
     ssl_manager:register_session(Port, Session),
-    Session.
+    Session;
+register_session(_, _, _, Session) ->
+    Session. %% Already registered
 
 invalidate_session(client, Host, Port, Session) ->
     ssl_manager:invalidate_session(Host, Port, Session);
@@ -2041,7 +2040,7 @@ initial_state(Role, Host, Port, Socket, {SSLOptions, SocketOptions}, User,
 	   %% We do not want to save the password in the state so that
 	   %% could be written in the clear into error logs.
 	   ssl_options = SSLOptions#ssl_options{password = undefined},	   
-	   session = #session{is_resumable = false},
+	   session = #session{is_resumable = new},
 	   transport_cb = CbModule,
 	   data_tag = DataTag,
 	   close_tag = CloseTag,
diff --git a/lib/ssl/src/ssl_manager.erl b/lib/ssl/src/ssl_manager.erl
index dcf310c535..21fc47a69f 100644
--- a/lib/ssl/src/ssl_manager.erl
+++ b/lib/ssl/src/ssl_manager.erl
@@ -278,25 +278,16 @@ handle_cast({register_session, Port, Session},
     CacheCb:update(Cache, {Port, NewSession#session.session_id}, NewSession),
     {noreply, State};
 
-%%% When a session is invalidated we need to wait a while before deleting
-%%% it as there might be pending connections that rightfully needs to look
-%%% up the session data but new connections should not get to use this session.
 handle_cast({invalidate_session, Host, Port,
 	     #session{session_id = ID} = Session},
 	    #state{session_cache = Cache,
 		   session_cache_cb = CacheCb} = State) ->
-    CacheCb:update(Cache, {{Host, Port}, ID}, Session#session{is_resumable = false}),
-    TRef =
-	erlang:send_after(delay_time(), self(), {delayed_clean_session, {{Host, Port}, ID}}),
-    {noreply, State#state{last_delay_timer = TRef}};
+    invalidate_session(Cache, CacheCb, {{Host, Port}, ID}, Session, State);
 
 handle_cast({invalidate_session, Port, #session{session_id = ID} = Session},
 	    #state{session_cache = Cache,
 		   session_cache_cb = CacheCb} = State) ->
-    CacheCb:update(Cache, {Port, ID}, Session#session{is_resumable = false}),
-    TRef =
-	erlang:send_after(delay_time(), self(), {delayed_clean_session, {Port, ID}}),
-    {noreply, State#state{last_delay_timer = TRef}};
+    invalidate_session(Cache, CacheCb, {Port, ID}, Session, State);
 
 handle_cast({recache_pem, File, LastWrite, Pid, From},
 	    #state{certificate_db = [_, FileToRefDb, _]} = State0) ->
@@ -320,7 +311,7 @@ handle_cast({recache_pem, File, LastWrite, Pid, From},
 %%				      {stop, reason(), #state{}}.
 %%
 %% Description: Handling all non call/cast messages
-%%-------------------------------------------------------------------- 
+%%-------------------------------------------------------------------
 handle_info(validate_sessions, #state{session_cache_cb = CacheCb,
 				      session_cache = Cache,
 				      session_lifetime = LifeTime
@@ -444,3 +435,20 @@ delay_time() ->
 	_ ->
 	   ?CLEAN_SESSION_DB
     end.
+
+invalidate_session(Cache, CacheCb, Key, Session, State) ->
+    case CacheCb:lookup(Cache, Key) of
+	undefined -> %% Session is already invalidated
+	    {noreply, State};
+	#session{is_resumable = new} ->
+	    CacheCb:delete(Cache, Key),
+	    {noreply, State};
+	_ ->
+	    %% When a registered session is invalidated we need to wait a while before deleting
+	    %% it as there might be pending connections that rightfully needs to look
+	    %% up the session data but new connections should not get to use this session.
+	    CacheCb:update(Cache, Key, Session#session{is_resumable = false}),
+	    TRef =
+		erlang:send_after(delay_time(), self(), {delayed_clean_session, Key}),
+	    {noreply, State#state{last_delay_timer = TRef}}
+    end.
diff --git a/lib/ssl/src/ssl_session.erl b/lib/ssl/src/ssl_session.erl
index bf738649f6..df5d7e0146 100644
--- a/lib/ssl/src/ssl_session.erl
+++ b/lib/ssl/src/ssl_session.erl
@@ -103,9 +103,9 @@ select_session([], _, _) ->
 
 select_session(Sessions, #ssl_options{ciphers = Ciphers,
 				      reuse_sessions = ReuseSession}, OwnCert) ->
-    IsResumable = 
- 	fun(Session) -> 
- 		ReuseSession andalso (Session#session.is_resumable) andalso  
+    IsResumable =
+	fun(Session) ->
+		ReuseSession andalso resumable(Session#session.is_resumable) andalso
  		    lists:member(Session#session.cipher_suite, Ciphers)
 		    andalso (OwnCert == Session#session.own_certificate)
  	end,
@@ -147,10 +147,10 @@ is_resumable(SuggestedSessionId, Port, ReuseEnabled, ReuseFun, Cache,
 	#session{cipher_suite = CipherSuite,
 		 own_certificate = SessionOwnCert,
 		 compression_method = Compression,
-		 is_resumable = Is_resumable,
+		 is_resumable = IsResumable,
 		 peer_certificate = PeerCert} = Session ->
 	    ReuseEnabled 
-		andalso Is_resumable  
+		andalso resumable(IsResumable)
 		andalso (OwnCert == SessionOwnCert)
 		andalso valid_session(Session, SecondLifeTime) 
 		andalso ReuseFun(SuggestedSessionId, PeerCert, 
@@ -158,3 +158,8 @@ is_resumable(SuggestedSessionId, Port, ReuseEnabled, ReuseFun, Cache,
 	undefined ->
 	    false
     end.
+
+resumable(new) ->
+    false;
+resumable(IsResumable) ->
+    IsResumable.