|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
|
|
Packit |
90a5c9 |
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
Packit |
90a5c9 |
This file is generated from xml source: DO NOT EDIT
|
|
Packit |
90a5c9 |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
Packit |
90a5c9 |
-->
|
|
Packit |
90a5c9 |
<title>mod_session_cookie - Apache HTTP Server Version 2.4</title>
|
|
Packit |
90a5c9 |
<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
|
|
Packit |
90a5c9 |
<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
|
|
Packit |
90a5c9 |
<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
|
|
Packit |
90a5c9 |
<script src="../style/scripts/prettify.min.js" type="text/javascript">
|
|
Packit |
90a5c9 |
</script>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
<link href="../images/favicon.ico" rel="shortcut icon" /></head>
|
|
Packit |
90a5c9 |
<body>
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Modules | Directives | FAQ | Glossary | Sitemap
|
|
Packit |
90a5c9 |
Apache HTTP Server Version 2.4
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Apache > HTTP Server > Documentation > Version 2.4 > Modules
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Apache Module mod_session_cookie
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Available Languages: en |
|
|
Packit |
90a5c9 |
fr
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Status:Extension
|
|
Packit |
90a5c9 |
Module Identifier:session_cookie_module
|
|
Packit |
90a5c9 |
Source File:mod_session_cookie.c
|
|
Packit |
90a5c9 |
Compatibility:Available in Apache 2.3 and later
|
|
Packit |
90a5c9 |
Summary
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Warning
|
|
Packit |
90a5c9 |
The session modules make use of HTTP cookies, and as such can fall
|
|
Packit |
90a5c9 |
victim to Cross Site Scripting attacks, or expose potentially private
|
|
Packit |
90a5c9 |
information to clients. Please ensure that the relevant risks have
|
|
Packit |
90a5c9 |
been taken into account before enabling the session functionality on
|
|
Packit |
90a5c9 |
your server.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
This submodule of mod_session provides support for the
|
|
Packit |
90a5c9 |
storage of user sessions on the remote browser within HTTP cookies.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Using cookies to store a session removes the need for the server or
|
|
Packit |
90a5c9 |
a group of servers to store the session locally, or collaborate to share
|
|
Packit |
90a5c9 |
a session, and can be useful for high traffic environments where a
|
|
Packit |
90a5c9 |
server based session might be too resource intensive.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
If session privacy is required, the mod_session_crypto
|
|
Packit |
90a5c9 |
module can be used to encrypt the contents of the session before writing
|
|
Packit |
90a5c9 |
the session to the client.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
For more details on the session interface, see the documentation for
|
|
Packit |
90a5c9 |
the mod_session module.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Topics
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Basic Examples
|
|
Packit |
90a5c9 |
Directives
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SessionCookieName
|
|
Packit |
90a5c9 |
SessionCookieName2
|
|
Packit |
90a5c9 |
SessionCookieRemove
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Bugfix checklistSee also
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
mod_session
|
|
Packit |
90a5c9 |
mod_session_crypto
|
|
Packit |
90a5c9 |
mod_session_dbd
|
|
Packit |
90a5c9 |
Comments
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
To create a simple session and store it in a cookie called
|
|
Packit |
90a5c9 |
session, configure the session as follows:
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Browser based sessionSession On
|
|
Packit |
90a5c9 |
SessionCookieName session path=/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
For more examples on how the session can be configured to be read
|
|
Packit |
90a5c9 |
from and written to by a CGI application, see the
|
|
Packit |
90a5c9 |
mod_session examples section.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
For documentation on how the session can be used to store username
|
|
Packit |
90a5c9 |
and password details, see the mod_auth_form module.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Description:Name and attributes for the RFC2109 cookie storing the session
|
|
Packit |
90a5c9 |
Syntax:SessionCookieName name attributes
|
|
Packit |
90a5c9 |
Default:none
|
|
Packit |
90a5c9 |
Context:server config, virtual host, directory, .htaccess
|
|
Packit |
90a5c9 |
Status:Extension
|
|
Packit |
90a5c9 |
Module:mod_session_cookie
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The SessionCookieName directive specifies the name and
|
|
Packit |
90a5c9 |
optional attributes of an RFC2109 compliant cookie inside which the session will
|
|
Packit |
90a5c9 |
be stored. RFC2109 cookies are set using the Set-Cookie HTTP header.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
An optional list of cookie attributes can be specified, as per the example below.
|
|
Packit |
90a5c9 |
These attributes are inserted into the cookie as is, and are not interpreted by
|
|
Packit |
90a5c9 |
Apache. Ensure that your attributes are defined correctly as per the cookie specification.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Cookie with attributesSession On
|
|
Packit |
90a5c9 |
SessionCookieName session path=/private;domain=example.com;httponly;secure;version=1;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Description:Name and attributes for the RFC2965 cookie storing the session
|
|
Packit |
90a5c9 |
Syntax:SessionCookieName2 name attributes
|
|
Packit |
90a5c9 |
Default:none
|
|
Packit |
90a5c9 |
Context:server config, virtual host, directory, .htaccess
|
|
Packit |
90a5c9 |
Status:Extension
|
|
Packit |
90a5c9 |
Module:mod_session_cookie
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The SessionCookieName2 directive specifies the name and
|
|
Packit |
90a5c9 |
optional attributes of an RFC2965 compliant cookie inside which the session will
|
|
Packit |
90a5c9 |
be stored. RFC2965 cookies are set using the Set-Cookie2 HTTP header.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
An optional list of cookie attributes can be specified, as per the example below.
|
|
Packit |
90a5c9 |
These attributes are inserted into the cookie as is, and are not interpreted by
|
|
Packit |
90a5c9 |
Apache. Ensure that your attributes are defined correctly as per the cookie specification.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Cookie2 with attributesSession On
|
|
Packit |
90a5c9 |
SessionCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Description:Control for whether session cookies should be removed from incoming HTTP headers
|
|
Packit |
90a5c9 |
Syntax:SessionCookieRemove On|Off
|
|
Packit |
90a5c9 |
Default:SessionCookieRemove Off
|
|
Packit |
90a5c9 |
Context:server config, virtual host, directory, .htaccess
|
|
Packit |
90a5c9 |
Status:Extension
|
|
Packit |
90a5c9 |
Module:mod_session_cookie
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
The SessionCookieRemove flag controls whether the cookies
|
|
Packit |
90a5c9 |
containing the session will be removed from the headers during request processing.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
In a reverse proxy situation where the Apache server acts as a server frontend for
|
|
Packit |
90a5c9 |
a backend origin server, revealing the contents of the session cookie to the backend
|
|
Packit |
90a5c9 |
could be a potential privacy violation. When set to on, the session cookie will be
|
|
Packit |
90a5c9 |
removed from the incoming HTTP headers.
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
Available Languages: en |
|
|
Packit |
90a5c9 |
fr
|
|
Packit |
90a5c9 |
Notice:This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.
|
|
Packit |
90a5c9 |
<script type="text/javascript">
|
|
Packit |
90a5c9 |
var comments_shortname = 'httpd';
|
|
Packit |
90a5c9 |
var comments_identifier = 'http://httpd.apache.org/docs/2.4/mod/mod_session_cookie.html';
|
|
Packit |
90a5c9 |
(function(w, d) {
|
|
Packit |
90a5c9 |
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
|
|
Packit |
90a5c9 |
d.write('
|
|
Packit |
90a5c9 |
var s = d.createElement('script');
|
|
Packit |
90a5c9 |
s.type = 'text/javascript';
|
|
Packit |
90a5c9 |
s.async = true;
|
|
Packit |
90a5c9 |
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
|
|
Packit |
90a5c9 |
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
d.write('
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
})(window, document);
|
|
Packit |
90a5c9 |
//--></script>
|
|
Packit |
90a5c9 |
Copyright 2018 The Apache Software Foundation. Licensed under the Apache License, Version 2.0.
|
|
Packit |
90a5c9 |
Modules | Directives | FAQ | Glossary | Sitemap <script type="text/javascript">
|
|
Packit |
90a5c9 |
if (typeof(prettyPrint) !== 'undefined') {
|
|
Packit |
90a5c9 |
prettyPrint();
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
//--></script>
|
|
Packit |
90a5c9 |
</body></html>
|