httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lescohier <daniel.lescoh...@cbsi.com>
Subject Re: Decrypting mod_session-created cookie
Date Mon, 08 Jul 2013 23:11:07 GMT
https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy

"The session will be automatically decrypted on load, and encrypted on save
by Apache, the underlying application using the session need have no
knowledge that encryption is taking place."


On Mon, Jul 8, 2013 at 6:58 PM, Mikhail T. <mi+thun@aldan.algebra.com>wrote:

>  From PHP I need to be able to set and read the session cookies created by
> mod_session_crypto.
>
> Suppose, I know the SessionCryptoCipher (aes256, the default) and the
> SessionCryptoPassphrase, how can I decrypt the session-cookie? Its value is
> available to PHP as _REQUEST['session']...
>
> I have both openssl and mcrypt PHP-extensions available on the server, but
> the straightforward approach of
>
> $decrypted = openssl_decrypt($_REQUEST['session'], 'aes256', $password);
>
> is failing... Thank you! Yours,
>
> -mi
>
>

Mime
View raw message