1 files changed, 20 insertions, 5 deletions

diff --git a/module/mod_auth_singleid.c b/module/mod_auth_singleid.c
index 41402ed..65f3342 100644
--- a/module/mod_auth_singleid.c
+++ b/module/mod_auth_singleid.c
@@ -609,27 +609,42 @@ session_load_info (sid_context_t *ctx, request_rec *r)
 		return NULL;
 
 	sig = get_token (r->pool, &value, " ");
-	if (!sig || !session_validate_sig (r->pool, sig, value))
+	if (!sig || !session_validate_sig (r->pool, sig, value)) {
+		ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+		               "auth-singleid: invalid signature in cookie: %s", sig ? sig : "");
 		return NULL;
+	}
 
 	/* The version of the session info, only 1 supported for now */
 	token = get_token (r->pool, &value, " ");
-	if (!token || strcmp (token, "2") != 0)
+	if (!token || strcmp (token, "2") != 0) {
+		ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+		               "auth-singleid: invalid version number in cookie: %s", token ? token : "");
 		return NULL;
+	}
 
 	token = get_token (r->pool, &value, " ");
 	expiry = strtol (token ? token : "x", &end, 10);
-	if (*end != '\0')
+	if (*end != '\0') {
+		ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+		               "auth-singleid: invalid expiry time in cookie: %s", token ? token : "");
 		return NULL;
+	}
 
 	/* Don't let expired sessions be valid */
-	if (expiry < time (NULL))
+	if (expiry < time (NULL)) {
+		ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+		               "auth-singleid: cookie has expired");
 		return NULL;
+	}
 
 	/* The identifier */
 	identifier = get_token (r->pool, &value, " ");
-	if (!identifier || !ap_is_url (identifier))
+	if (!identifier || !ap_is_url (identifier)) {
+		ap_log_rerror (APLOG_MARK, APLOG_WARNING, 0, r,
+		               "auth-singleid: invalid identifier in cookie: %s", token ? token : "");
 		return NULL;
+	}
 
 	sess = apr_pcalloc (r->pool, sizeof (sid_session_t));
 	sess->expiry = expiry;