From fe39ffb8b90ae4e002ed73fe98617cd590abb467 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 08:33:50 +0200 Subject: Adding upstream version 2.4.56. Signed-off-by: Daniel Baumann --- docs/manual/mod/mod_session_cookie.html.en | 197 +++++++++++++++++++++++++++++ 1 file changed, 197 insertions(+) create mode 100644 docs/manual/mod/mod_session_cookie.html.en (limited to 'docs/manual/mod/mod_session_cookie.html.en') diff --git a/docs/manual/mod/mod_session_cookie.html.en b/docs/manual/mod/mod_session_cookie.html.en new file mode 100644 index 0000000..a748c2c --- /dev/null +++ b/docs/manual/mod/mod_session_cookie.html.en @@ -0,0 +1,197 @@ + + + + + +mod_session_cookie - Apache HTTP Server Version 2.4 + + + + + + + + +
<-
+ +
+

Apache Module mod_session_cookie

+
+

Available Languages:  en  | + fr 

+
+ + + + +
Description:Cookie based session support
Status:Extension
Module Identifier:session_cookie_module
Source File:mod_session_cookie.c
Compatibility:Available in Apache 2.3 and later
+

Summary

+ +

Warning

+

The session modules make use of HTTP cookies, and as such can fall + victim to Cross Site Scripting attacks, or expose potentially private + information to clients. Please ensure that the relevant risks have + been taken into account before enabling the session functionality on + your server.

+
+ +

This submodule of mod_session provides support for the + storage of user sessions on the remote browser within HTTP cookies.

+ +

Using cookies to store a session removes the need for the server or + a group of servers to store the session locally, or collaborate to share + a session, and can be useful for high traffic environments where a + server based session might be too resource intensive.

+ +

If session privacy is required, the mod_session_crypto + module can be used to encrypt the contents of the session before writing + the session to the client.

+ +

For more details on the session interface, see the documentation for + the mod_session module.

+ +
+ +
top
+
+

Basic Examples

+ +

To create a simple session and store it in a cookie called + session, configure the session as follows:

+ +

Browser based session

Session On
+SessionCookieName session path=/
+
+ +

For more examples on how the session can be configured to be read + from and written to by a CGI application, see the + mod_session examples section.

+ +

For documentation on how the session can be used to store username + and password details, see the mod_auth_form module.

+ +
+
top
+

SessionCookieName Directive

+ + + + + + + +
Description:Name and attributes for the RFC2109 cookie storing the session
Syntax:SessionCookieName name attributes
Default:none
Context:server config, virtual host, directory, .htaccess
Status:Extension
Module:mod_session_cookie
+

The SessionCookieName directive specifies the name and + optional attributes of an RFC2109 compliant cookie inside which the session will + be stored. RFC2109 cookies are set using the Set-Cookie HTTP header. +

+ +

An optional list of cookie attributes can be specified, as per the example below. + These attributes are inserted into the cookie as is, and are not interpreted by + Apache. Ensure that your attributes are defined correctly as per the cookie specification. +

+ +

Cookie with attributes

Session On
+SessionCookieName session path=/private;domain=example.com;httponly;secure;version=1;
+
+ + +
+
top
+

SessionCookieName2 Directive

+ + + + + + + +
Description:Name and attributes for the RFC2965 cookie storing the session
Syntax:SessionCookieName2 name attributes
Default:none
Context:server config, virtual host, directory, .htaccess
Status:Extension
Module:mod_session_cookie
+

The SessionCookieName2 directive specifies the name and + optional attributes of an RFC2965 compliant cookie inside which the session will + be stored. RFC2965 cookies are set using the Set-Cookie2 HTTP header. +

+ +

An optional list of cookie attributes can be specified, as per the example below. + These attributes are inserted into the cookie as is, and are not interpreted by + Apache. Ensure that your attributes are defined correctly as per the cookie specification. +

+ +

Cookie2 with attributes

Session On
+SessionCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;
+
+ + +
+
top
+

SessionCookieRemove Directive

+ + + + + + + +
Description:Control for whether session cookies should be removed from incoming HTTP headers
Syntax:SessionCookieRemove On|Off
Default:SessionCookieRemove Off
Context:server config, virtual host, directory, .htaccess
Status:Extension
Module:mod_session_cookie
+

The SessionCookieRemove flag controls whether the cookies + containing the session will be removed from the headers during request processing.

+ +

In a reverse proxy situation where the Apache server acts as a server frontend for + a backend origin server, revealing the contents of the session cookie to the backend + could be a potential privacy violation. When set to on, the session cookie will be + removed from the incoming HTTP headers.

+ + +
+
+
+

Available Languages:  en  | + fr 

+
top

Comments

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.
+
+ \ No newline at end of file -- cgit v1.2.3