httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From MOKRANI Rachid <rachid.mokr...@ifpen.fr>
Subject [users@httpd] SessionCryptoPassphrase
Date Thu, 21 May 2015 11:23:42 GMT
Hi,


About the following documentation I understand that I can set a "SessionCryptoPassphrase"
for protect my session with a cookie. And if I change my SessionCryptoPassphrase from "my_secret_phrase"
to "my_NEW_secret_phrase" and restart my server, the client browser should lost his session.

http://httpd.apache.org/docs/2.4/fr/mod/mod_session_crypto.html


May be I forget something, because when I change the SessionCryptoPassphrase to everything,
I never lost the session.

Any help ?



<Location />
.....
.....
        SetHandler form-login-handler
        Session On
        SessionCookieName MY_Cookie path=/my_url;domain=exemple.com;httponly;secure;version=1;
        SessionCryptoPassphrase my_secret_phrase
....
....
</Location>

Change to and restart

<Location />
.....
.....
        SetHandler form-login-handler
        Session On
        SessionCookieName  MY_Cookie  path=/my_url;domain=exemple.com;httponly;secure;version=1;
        SessionCryptoPassphrase my_NEW_secret_phrase
....
....
</Location>


Regards.




__________________________
Avant d'imprimer, pensez à l'environnement ! Please consider the environment before printing
! 
Ce message et toutes ses pièces jointes sont confidentiels et établis à l'intention exclusive
de ses destinataires. Toute utilisation non conforme à sa destination, toute diffusion ou
toute publication, totale ou partielle, est interdite, sauf autorisation expresse. IFP Energies
nouvelles décline toute responsabilité au titre de ce message. This message and any attachments
are confidential and intended solely for the addressees. Any unauthorised use or dissemination
is prohibited. IFP Energies nouvelles should not be liable for this message.
__________________________
Mime
View raw message