You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by MOKRANI Rachid <ra...@ifpen.fr> on 2015/05/21 13:23:42 UTC
[users@httpd] SessionCryptoPassphrase
Hi,
About the following documentation I understand that I can set a "SessionCryptoPassphrase" for protect my session with a cookie. And if I change my SessionCryptoPassphrase from "my_secret_phrase" to "my_NEW_secret_phrase" and restart my server, the client browser should lost his session.
http://httpd.apache.org/docs/2.4/fr/mod/mod_session_crypto.html
May be I forget something, because when I change the SessionCryptoPassphrase to everything, I never lost the session.
Any help ?
<Location />
.....
.....
SetHandler form-login-handler
Session On
SessionCookieName MY_Cookie path=/my_url;domain=exemple.com;httponly;secure;version=1;
SessionCryptoPassphrase my_secret_phrase
....
....
</Location>
Change to and restart
<Location />
.....
.....
SetHandler form-login-handler
Session On
SessionCookieName MY_Cookie path=/my_url;domain=exemple.com;httponly;secure;version=1;
SessionCryptoPassphrase my_NEW_secret_phrase
....
....
</Location>
Regards.
__________________________
Avant d'imprimer, pensez à l'environnement ! Please consider the environment before printing !
Ce message et toutes ses pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. IFP Energies nouvelles décline toute responsabilité au titre de ce message. This message and any attachments are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. IFP Energies nouvelles should not be liable for this message.
__________________________