mod_session_crypto.html.en revision af33a4994ae2ff15bc67d19ff1a7feb906745bf8
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd This file is generated from xml source: DO NOT EDIT
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<script src="/style/scripts/prettify.js" type="text/javascript">
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<link href="/images/favicon.ico" rel="shortcut icon" /></head>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
594b4dd7639cd01b2200bd0774bc50952ceffcbegryzor<div id="preamble"><h1>Apache Module mod_session_crypto</h1>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<p><span>Available Languages: </span><a href="/en/mod/mod_session_crypto.html" title="English"> en </a></p>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Session encryption support</td></tr>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
e5ce3ac0e9b720c0fa23782e29168a0810697fdetakashi<tr><th><a href="module-dict.html#ModuleIdentifier">Module�Identifier:</a></th><td>session_crypto_module</td></tr>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<tr><th><a href="module-dict.html#SourceFile">Source�File:</a></th><td>mod_session_crypto.c</td></tr>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3 and later</td></tr></table>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd <p>The session modules make use of HTTP cookies, and as such can fall
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd victim to Cross Site Scripting attacks, or expose potentially private
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd information to clients. Please ensure that the relevant risks have
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd been taken into account before enabling the session functionality on
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd your server.</p>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd <p>This submodule of <code class="module"><a href="/mod/mod_session.html">mod_session</a></code> provides support for the
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd encryption of user sessions before being written to a local database, or
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd written to a remote browser via an HTTP cookie.</p>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd <p>This can help provide privacy to user sessions where the contents of
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd the session should be kept private from the user, or where protection is
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd needed against the effects of cross site scripting attacks.</p>
5b10fd3977e6dfff19afe770e612e276962f7950nd <p>For more details on the session interface, see the documentation for
5b10fd3977e6dfff19afe770e612e276962f7950nd the <code class="module"><a href="/mod/mod_session.html">mod_session</a></code> module.</p>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<div id="quickview"><h3 class="directives">Directives</h3>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptocipher">SessionCryptoCipher</a></li>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptodriver">SessionCryptoDriver</a></li>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptopassphrase">SessionCryptoPassphrase</a></li>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<li><img alt="" src="/images/down.gif" /> <a href="#sessioncryptopassphrasefile">SessionCryptoPassphraseFile</a></li>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<li><img alt="" src="/images/down.gif" /> <a href="#basicusage">Basic Usage</a></li>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<li><code class="module"><a href="/mod/mod_session.html">mod_session</a></code></li>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<li><code class="module"><a href="/mod/mod_session_cookie.html">mod_session_cookie</a></code></li>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<li><code class="module"><a href="/mod/mod_session_dbd.html">mod_session_dbd</a></code></li>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl</ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
743bf1d628091019531fd067653aea052b48aec7erikabele<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<h2><a name="basicusage" id="basicusage">Basic Usage</a></h2>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl <p>To create a simple encrypted session and store it in a cookie called
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl <var>session</var>, configure the session as follows:</p>
43a906741e1d11f0f1d0c189d1b55eafbcc21d14noodl <div class="example"><h3>Browser based encrypted session</h3><pre class="prettyprint lang-config">
cb7d9035e080e6838f657dc10bdd5e26df08273ajslSessionCookieName session path=/
43a906741e1d11f0f1d0c189d1b55eafbcc21d14noodlSessionCryptoPassphrase secret
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl <p>The session will be encrypted with the given key. Different servers can
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl be configured to share sessions by ensuring the same encryption key is used
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl on each server.</p>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl <p>If the encryption key is changed, sessions will be invalidated
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl automatically.</p>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl <p>For documentation on how the session can be used to store username
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl and password details, see the <code class="module"><a href="/mod/mod_auth_form.html">mod_auth_form</a></code> module.</p>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<div class="directive-section"><h2><a name="SessionCryptoCipher" id="SessionCryptoCipher">SessionCryptoCipher</a> <a name="sessioncryptocipher" id="sessioncryptocipher">Directive</a></h2>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The crypto cipher to be used to encrypt the session</td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoCipher <var>name</var></code></td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>aes256</code></td></tr>
8e9c6d6438af1ccb46adaa60d34caa3ac98f3851igalic<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl <p>The <code class="directive">SessionCryptoCipher</code> directive allows the cipher to
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl be used during encryption. If not specified, the cipher defaults to
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl <p>Possible values depend on the crypto driver in use, and could be one of:</p>
43a906741e1d11f0f1d0c189d1b55eafbcc21d14noodl <ul><li>3des192</li><li>aes128</li><li>aes192</li><li>aes256</li></ul>
43a906741e1d11f0f1d0c189d1b55eafbcc21d14noodl<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
19e58a269fe969b87c28465ee4914f3ae637e264jim<div class="directive-section"><h2><a name="SessionCryptoDriver" id="SessionCryptoDriver">SessionCryptoDriver</a> <a name="sessioncryptodriver" id="sessioncryptodriver">Directive</a></h2>
43a906741e1d11f0f1d0c189d1b55eafbcc21d14noodl<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The crypto driver to be used to encrypt the session</td></tr>
43a906741e1d11f0f1d0c189d1b55eafbcc21d14noodl<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoDriver <var>name</var> <var>[param[=value]]</var></code></td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>none</code></td></tr>
cb7d9035e080e6838f657dc10bdd5e26df08273ajsl<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_session_crypto</td></tr>
594b4dd7639cd01b2200bd0774bc50952ceffcbegryzor<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd <p>The <code class="directive">SessionCryptoDriver</code> directive specifies the name of
9c1260efa52c82c2a58e5b5f20cd6902563d95f5rbowen the crypto driver to be used for encryption. If not specified, the driver defaults
73ba54c33b4fcad0e13005e10ea8648c9fe4265bnd to the recommended driver compiled into APR-util.</p>
<div class="example"><h3>NSS without a certificate database</h3><pre class="prettyprint lang-config">
<div class="example"><h3>NSS with certificate database and parameters</h3><pre class="prettyprint lang-config">
part of the server, for example from <code class="module"><a href="/mod/mod_nss.html">mod_nss</a></code> or
<code class="module"><a href="/mod/mod_ldap.html">mod_ldap</a></code>. If found to have already been configured,
<div class="directive-section"><h2><a name="SessionCryptoPassphrase" id="SessionCryptoPassphrase">SessionCryptoPassphrase</a> <a name="sessioncryptopassphrase" id="sessioncryptopassphrase">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The key used to encrypt the session</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoPassphrase <var>secret</var> [ <var>secret</var> ... ] </code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
<div class="directive-section"><h2><a name="SessionCryptoPassphraseFile" id="SessionCryptoPassphraseFile">SessionCryptoPassphraseFile</a> <a name="sessioncryptopassphrasefile" id="sessioncryptopassphrasefile">Directive</a></h2>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>File containing keys used to encrypt the session</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SessionCryptoPassphraseFile <var>filename</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.3.0 and later</td></tr>
<p><span>Available Languages: </span><a href="/en/mod/mod_session_crypto.html" title="English"> en </a></p>
</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_session_crypto.html';
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
d.write('<div id="comments_thread"><\/div>');
var s = d.createElement('script');
s.type = 'text/javascript';
s.async = true;
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
<p class="apache">Copyright 2013 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--