httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: help with hacking the apache 2.2 mod_ssl connection management
Date Mon, 26 Jan 2009 17:41:03 GMT
Tanel Unt wrote:

> So far i've learned that i should call
> /void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
> /in mod_ssl code somehow but i don't know how or when. Extension modules 
> like mod_python etc. won't allow me so a direct hack of apache code is 
> required. The applications can direct user to a fixed URL on logout so 
> perhaps a handler that would invalidate and cleanup user SSL session 
> after that request has been processed?

Essentially you would need to add a handler to mod_ssl that when you hit 
the handler, the handler calls ssl_scache_remove() and then redirects 
the user to somewhere useful, or displays a suitable page ("you have 
been logged out").

That should be relatively straightforward (unless I am missing something).

A cleaner approach may be to export ssl_scache_remove() (and friends) as 
optional functions, and then place the handler in it's own module.

Regards,
Graham
--

Mime
View raw message