Always decode session attributes early.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850947 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 14 insertions, 11 deletions

diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index 10e6396a29..7ee477ce1d 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -126,20 +126,23 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
 
     /* found a session that hasn't expired? */
     now = apr_time_now();
+
     if (zz) {
-        if (zz->expiry && zz->expiry < now) {
+        /* load the session attibutes */
+        rv = ap_run_session_decode(r, zz);
+ 
+        /* having a session we cannot decode is just as good as having
+           none at all */
+       if (OK != rv) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
+                    "error while decoding the session, "
+                    "session not loaded: %s", r->uri);
             zz = NULL;
         }
-        else {
-            /* having a session we cannot decode is just as good as having
-               none at all */
-            rv = ap_run_session_decode(r, zz);
-            if (OK != rv) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
-                              "error while decoding the session, "
-                              "session not loaded: %s", r->uri);
-                zz = NULL;
-            }
+
+       /* invalidate session if session is expired */
+        if (zz && zz->expiry && zz->expiry < now) {
+            zz = NULL;
         }
     }