mod_session_crypto.html.en revision 2e545ce2450a9953665f701bb05350f0d3f26275
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin This file is generated from xml source: DO NOT EDIT
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<title>mod_session_crypto - Apache HTTP Server</title>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
2e545ce2450a9953665f701bb05350f0d3f26275nd<script src="/style/scripts/prettify.min.js" type="text/javascript">
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<link href="/images/favicon.ico" rel="shortcut icon" /></head>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
3f08db06526d6901aa08c110b5bc7dde6bc39905nd<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<div id="preamble"><h1>Apache Module mod_session_crypto</h1>
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<p><span>Available Languages: </span><a href="/en/mod/mod_session_crypto.html" title="English"> en </a></p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Session encryption support</td></tr>
7f0952c0239ea2d6e37b472db6fde4ef2718343dsf<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>session_crypto_module</td></tr>
46f74e65e6051e6e9391c8e17c5116317210facetakashi<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_session_crypto.c</td></tr>
46f74e65e6051e6e9391c8e17c5116317210facetakashi<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>The session modules make use of HTTP cookies, and as such can fall
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin victim to Cross Site Scripting attacks, or expose potentially private
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin information to clients. Please ensure that the relevant risks have
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin been taken into account before enabling the session functionality on
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin your server.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>This submodule of <code class="module"><a href="/mod/mod_session.html">mod_session</a></code> provides support for the
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin encryption of user sessions before being written to a local database, or
72c3c99143571371be76ed3916b19bd3214b4363martin written to a remote browser via an HTTP cookie.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>This can help provide privacy to user sessions where the contents of
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin the session should be kept private from the user, or where protection is
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin needed against the effects of cross site scripting attacks.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>For more details on the session interface, see the documentation for
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin the <code class="module"><a href="/mod/mod_session.html">mod_session</a></code> module.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<div id="quickview"><h3 class="directives">Directives</h3>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptocipher">SessionCryptoCipher</a></li>
c1e61f5534383913a1cb952f927348037b1c1922minfrin<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptodriver">SessionCryptoDriver</a></li>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptopassphrase">SessionCryptoPassphrase</a></li>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptopassphrasefile">SessionCryptoPassphraseFile</a></li>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<li><img alt="" src="/images/down.gif" /> <a href="#basicusage">Basic Usage</a></li>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<li><code class="module"><a href="/mod/mod_session.html">mod_session</a></code></li>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<li><code class="module"><a href="/mod/mod_session_cookie.html">mod_session_cookie</a></code></li>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<li><code class="module"><a href="/mod/mod_session_dbd.html">mod_session_dbd</a></code></li>
30471a4650391f57975f60bbb6e4a90be7b284bfhumbedooh</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<h2><a name="basicusage" id="basicusage">Basic Usage</a></h2>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>To create a simple encrypted session and store it in a cookie called
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <var>session</var>, configure the session as follows:</p>
e487d6c09669296f94a5190cc34586a98e624a00nd <div class="example"><h3>Browser based encrypted session</h3><pre class="prettyprint lang-config">
2d24960fa1e6afc7ad5f1bf58b6b3f5e7a9a3497humbedoohSessionCookieName session path=/
2d24960fa1e6afc7ad5f1bf58b6b3f5e7a9a3497humbedoohSessionCryptoPassphrase secret
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>The session will be encrypted with the given key. Different servers can
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin be configured to share sessions by ensuring the same encryption key is used
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin on each server.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>If the encryption key is changed, sessions will be invalidated
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin automatically.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>For documentation on how the session can be used to store username
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin and password details, see the <code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> module.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<div class="directive-section"><h2><a name="SessionCryptoCipher" id="SessionCryptoCipher">SessionCryptoCipher</a> <a name="sessioncryptocipher" id="sessioncryptocipher">Directive</a></h2>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The crypto cipher to be used to encrypt the session</td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoCipher <var>name</var></code></td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>aes256</code></td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin <p>The <code class="directive">SessionCryptoCipher</code> directive allows the cipher to
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin be used during encryption. If not specified, the cipher defaults to
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin <p>Possible values depend on the crypto driver in use, and could be one of:</p>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin <ul><li>3des192</li><li>aes128</li><li>aes192</li><li>aes256</li></ul>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
c1e61f5534383913a1cb952f927348037b1c1922minfrin<div class="directive-section"><h2><a name="SessionCryptoDriver" id="SessionCryptoDriver">SessionCryptoDriver</a> <a name="sessioncryptodriver" id="sessioncryptodriver">Directive</a></h2>
c1e61f5534383913a1cb952f927348037b1c1922minfrin<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The crypto driver to be used to encrypt the session</td></tr>
c1e61f5534383913a1cb952f927348037b1c1922minfrin<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoDriver <var>name</var> <var>[param[=value]]</var></code></td></tr>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
c1e61f5534383913a1cb952f927348037b1c1922minfrin<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
7f0952c0239ea2d6e37b472db6fde4ef2718343dsf<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
c1e61f5534383913a1cb952f927348037b1c1922minfrin <p>The <code class="directive">SessionCryptoDriver</code> directive specifies the name of
c1e61f5534383913a1cb952f927348037b1c1922minfrin the crypto driver to be used for encryption. If not specified, the driver defaults
c1e61f5534383913a1cb952f927348037b1c1922minfrin to the recommended driver compiled into APR-util.</p>
c1e61f5534383913a1cb952f927348037b1c1922minfrin <p>The <var>NSS</var> crypto driver requires some parameters for configuration,
c1e61f5534383913a1cb952f927348037b1c1922minfrin which are specified as parameters with optional values after the driver name.</p>
e487d6c09669296f94a5190cc34586a98e624a00nd <div class="example"><h3>NSS without a certificate database</h3><pre class="prettyprint lang-config">
c1e61f5534383913a1cb952f927348037b1c1922minfrin SessionCryptoDriver nss
e487d6c09669296f94a5190cc34586a98e624a00nd <div class="example"><h3>NSS with certificate database</h3><pre class="prettyprint lang-config">
c1e61f5534383913a1cb952f927348037b1c1922minfrin SessionCryptoDriver nss dir=certs
e487d6c09669296f94a5190cc34586a98e624a00nd <div class="example"><h3>NSS with certificate database and parameters</h3><pre class="prettyprint lang-config">
c1e61f5534383913a1cb952f927348037b1c1922minfrin SessionCryptoDriver nss dir=certs key3=key3.db cert7=cert7.db secmod=secmod
e487d6c09669296f94a5190cc34586a98e624a00nd <div class="example"><h3>NSS with paths containing spaces</h3><pre class="prettyprint lang-config">
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin SessionCryptoDriver nss "dir=My Certs" key3=key3.db cert7=cert7.db secmod=secmod
b244bbf442a0aea3dc397b4d0d751f4716c5891dnd <p>The <var>NSS</var> crypto driver might have already been
b244bbf442a0aea3dc397b4d0d751f4716c5891dnd configured by another part of the server, for example from
b244bbf442a0aea3dc397b4d0d751f4716c5891dnd <code>mod_nss</code> or <code class="module"><a href="/mod/mod_ldap.html">mod_ldap</a></code>. If found to
b244bbf442a0aea3dc397b4d0d751f4716c5891dnd have already been configured, a warning will be logged, and the
b244bbf442a0aea3dc397b4d0d751f4716c5891dnd existing configuration will have taken affect. To avoid this
b244bbf442a0aea3dc397b4d0d751f4716c5891dnd warning, use the noinit parameter as follows.</p>
e487d6c09669296f94a5190cc34586a98e624a00nd <div class="example"><h3>NSS with certificate database</h3><pre class="prettyprint lang-config">
c1e61f5534383913a1cb952f927348037b1c1922minfrin SessionCryptoDriver nss noinit
c1e61f5534383913a1cb952f927348037b1c1922minfrin <p>To prevent confusion, ensure that all modules requiring NSS are configured with
c1e61f5534383913a1cb952f927348037b1c1922minfrin identical parameters.</p>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin <p>The <var>openssl</var> crypto driver supports an optional parameter to specify
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin the engine to be used for encryption.</p>
e487d6c09669296f94a5190cc34586a98e624a00nd <div class="example"><h3>OpenSSL with engine support</h3><pre class="prettyprint lang-config">
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin SessionCryptoDriver openssl engine=name
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<div class="directive-section"><h2><a name="SessionCryptoPassphrase" id="SessionCryptoPassphrase">SessionCryptoPassphrase</a> <a name="sessioncryptopassphrase" id="sessioncryptopassphrase">Directive</a></h2>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The key used to encrypt the session</td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoPassphrase <var>secret</var> [ <var>secret</var> ... ] </code></td></tr>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
623eebe956d9c2d6d073ed3eae855b56030b40e9noodl<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
7f0952c0239ea2d6e37b472db6fde4ef2718343dsf<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin <p>The <code class="directive">SessionCryptoPassphrase</code> directive specifies the keys
fac8c35bfb158112226ab43ddf84d59daca5dc30nd to be used to enable symmetrical encryption on the contents of the session before
c1e61f5534383913a1cb952f927348037b1c1922minfrin writing the session, or decrypting the contents of the session after reading the
c1e61f5534383913a1cb952f927348037b1c1922minfrin session.</p>
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin <p>Keys are more secure when they are long, and consist of truly random characters.
4277c95b5a9454a5c25f8d8762634fcff37aa840minfrin Changing the key on a server has the effect of invalidating all existing sessions.</p>
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin <p>Multiple keys can be specified in order to support key rotation. The first key
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin listed will be used for encryption, while all keys listed will be attempted for
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin decryption. To rotate keys across multiple servers over a period of time, add a new
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin secret to the end of the list, and once rolled out completely to all servers, remove
6cb5ba7ba62cc211ade9e6b76f82eaae64a3a5d2minfrin the first key from the start of the list.</p>
374adaff9445c620465679c1e5fa624c171d9783rbowen <p>If the value begins with exec: the resulting command will be executed and the
374adaff9445c620465679c1e5fa624c171d9783rbowen first line returned to standard output by the program will be used as the key.</p>
374adaff9445c620465679c1e5fa624c171d9783rbowen#key used as-is
374adaff9445c620465679c1e5fa624c171d9783rbowenSessionCryptoPassphrase secret
374adaff9445c620465679c1e5fa624c171d9783rbowenSessionCryptoPassphrase "exec:/path/to/otherProgram argument1"
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<div class="directive-section"><h2><a name="SessionCryptoPassphraseFile" id="SessionCryptoPassphraseFile">SessionCryptoPassphraseFile</a> <a name="sessioncryptopassphrasefile" id="sessioncryptopassphrasefile">Directive</a></h2>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File containing keys used to encrypt the session</td></tr>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoPassphraseFile <var>filename</var></code></td></tr>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin <p>The <code class="directive">SessionCryptoPassphraseFile</code> directive specifies the
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin name of a configuration file containing the keys to use for encrypting or decrypting
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin the session, specified one per line. The file is read on server start, and a graceful
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin restart will be necessary for httpd to pick up changes to the keys.</p>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin <p>Unlike the <code class="directive">SessionCryptoPassphrase</code> directive, the keys are
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin not exposed within the httpd configuration and can be hidden by protecting the file
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin appropriately.</p>
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin <p>Multiple keys can be specified in order to support key rotation. The first key
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin listed will be used for encryption, while all keys listed will be attempted for
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin decryption. To rotate keys across multiple servers over a period of time, add a new
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin secret to the end of the list, and once rolled out completely to all servers, remove
59877c2b4bb77f563370d7fb238f4a6d7a0e7f44minfrin the first key from the start of the list.</p>
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung<p><span>Available Languages: </span><a href="/en/mod/mod_session_crypto.html" title="English"> en </a></p>
727872d18412fc021f03969b8641810d8896820bhumbedooh</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
727872d18412fc021f03969b8641810d8896820bhumbedoohvar comments_shortname = 'httpd';
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedoohvar comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_session_crypto.html';
0d0ba3a410038e179b695446bb149cce6264e0abnd(function(w, d) {
cc7e1025de9ac63bd4db6fe7f71c158b2cf09fe4humbedooh if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
727872d18412fc021f03969b8641810d8896820bhumbedooh d.write('<div id="comments_thread"><\/div>');
0d0ba3a410038e179b695446bb149cce6264e0abnd var s = d.createElement('script');
ac082aefa89416cbdc9a1836eaf3bed9698201c8humbedooh s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
0d0ba3a410038e179b695446bb149cce6264e0abnd (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
727872d18412fc021f03969b8641810d8896820bhumbedooh d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
0d0ba3a410038e179b695446bb149cce6264e0abnd})(window, document);
07dc96d063d49299da433f84b5c5681da9bbdf68rbowen<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
af33a4994ae2ff15bc67d19ff1a7feb906745bf8rbowen<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
0d0ba3a410038e179b695446bb149cce6264e0abndif (typeof(prettyPrint) !== 'undefined') {
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd prettyPrint();