Return-Path: 
 <dev-return-77968-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-dev-archive@www.apache.org
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E53AD10F86
	for <apmail-httpd-dev-archive@www.apache.org>;
 Mon,  8 Jul 2013 23:30:04 +0000 (UTC)
Received: (qmail 13462 invoked by uid 500); 8 Jul 2013 23:30:04 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 13389 invoked by uid 500); 8 Jul 2013 23:30:04 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 13381 invoked by uid 99); 8 Jul 2013 23:30:04 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Jul 2013 23:30:04 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE
X-Spam-Check-By: apache.org
Received-SPF: error (athena.apache.org: local policy)
Received: from [69.168.97.78] (HELO smtp.rcn.com) (69.168.97.78)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Jul 2013 23:29:58 +0000
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=2.1 cv=dem5gxne c=1 sm=0 tr=0
 a=fEl05wXzeJCkBz9gs2itqQ==:117 a=BYWYDRLWasQA:10 a=gct64G8YVAUA:10
 a=YNqtyO0l_hcA:10 a=LaogzpLLAAAA:8 a=aBZzgrZ70pIA:10 a=r77TgQKjGQsHNAKrUKIA:9
 a=9iDbn-4jx3cA:10 a=cKsnjEOsciEA:10 a=mV9VRH-2AAAA:8 a=C8LLAj251CYAZByDFZwA:9
 a=wPNLvfGTeEIA:10 a=pGLkceISAAAA:8 a=Kg6XEE1cmniyKXYWxMgA:9
 a=dTCQUvgZtCeSLoSy:21 a=_W_S_7VecoQA:10
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: smtp02.rcn.cmh.synacor.com
 header.from=mi+thun@aldan.algebra.com; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com
 smtp.mail=mi+thun@aldan.algebra.com; spf=neutral; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=anat;
 auth=pass (PLAIN)
Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 209.6.63.29 is neither
 permitted nor denied by domain of aldan.algebra.com)
Received: from [209.6.63.29] ([209.6.63.29:46119] helo=utka.zajac)
	by smtp.rcn.com (envelope-from <mi+thun@aldan.algebra.com>)
	(ecelerity 2.2.3.49 r(42060/42061)) with ESMTPA
	id 74/B6-22462-C4B4BD15; Mon, 08 Jul 2013 19:29:17 -0400
Message-ID: <51DB4B4B.2060607@aldan.algebra.com>
Date: Mon, 08 Jul 2013 19:29:15 -0400
From: "Mikhail T." <mi+thun@aldan.algebra.com>
User-Agent: Mozilla/5.0 (X11; FreeBSD i386;
 rv:17.0) Gecko/20130325 Thunderbird/17.0.4
MIME-Version: 1.0
To: dev@httpd.apache.org
Subject: Re: Decrypting mod_session-created cookie
References: <51DB4428.8080109@aldan.algebra.com>
 <CAFE37cjfTxvFj3k1qRBABT2oFSQ9EahNxswt=Yf+mFUjkW5Jow@mail.gmail.com>
In-Reply-To: 
 <CAFE37cjfTxvFj3k1qRBABT2oFSQ9EahNxswt=Yf+mFUjkW5Jow@mail.gmail.com>
Content-Type: multipart/alternative;
 boundary="------------080801060603060800010900"
X-Virus-Checked: Checked by ClamAV on apache.org

This is a multi-part message in MIME format.
--------------080801060603060800010900
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 08.07.2013 19:11, Daniel Lescohier wrote:
> https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy
>
> "The session will be automatically decrypted on load, and encrypted on save by 
> Apache, the underlying application using the session need have no knowledge 
> that encryption is taking place."

Thank you, Daniel, for providing a "you don't need to know" answer to a question.

I do, however, have this need -- in my application the cookie will need to be 
created by a server completely different from the one, that will be parsing it. 
I would also like to code-up a series of jmeter-tests to assure speed and 
correctness of the application -- so I'll also need to implement the same 
encryption in JavaScript or some other language available inside jmeter.

Is there, perhaps, a better answer available? Thanks,

    -mi




--------------080801060603060800010900
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 08.07.2013 19:11, Daniel Lescohier
      wrote:<br>
    </div>
    <blockquote
cite="mid:CAFE37cjfTxvFj3k1qRBABT2oFSQ9EahNxswt=Yf+mFUjkW5Jow@mail.gmail.com"
      type="cite"><a moz-do-not-send="true"
href="https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy">https://httpd.apache.org/docs/2.4/mod/mod_session.html#sessionprivacy</a><br>
      <br>
      "The session will be automatically decrypted on load, and
      encrypted on save by Apache, the underlying application using the
      session need have no knowledge that encryption is taking place."</blockquote>
    <br>
    Thank you, Daniel, for providing a "you don't need to know" answer
    to a question.<br>
    <br>
    I do, however, have this need -- in my application the cookie will
    need to be created by a server completely different from the one,
    that will be parsing it. I would also like to code-up a series of
    jmeter-tests to assure speed and correctness of the application --
    so I'll also need to implement the same encryption in JavaScript or
    some other language available inside jmeter.<br>
    <br>
    Is there, perhaps, a better answer available? Thanks,<br>
    <blockquote>-mi<br>
    </blockquote>
    <br>
    <br>
  </body>
</html>

--------------080801060603060800010900--