Apache HTTP Server Version 2.4
Apache HTTP Server Version 2.4
| Description: | Session support |
|---|---|
| Status: | Extension |
| Module Identifier: | session_module |
| Source File: | mod_session.c |
| Compatibility: | Available in Apache 2.3 and later |
The session modules make use of HTTP cookies, and as such can fall victim to Cross Site Scripting attacks, or expose potentially private information to clients. Please ensure that the relevant risks have been taken into account before enabling the session functionality on your server.
This module provides support for a server wide per user session interface. Sessions can be used for keeping track of whether a user has been logged in, or for other per user information that should be kept available across requests.
Sessions may be stored on the server, or may be stored on the
browser. Sessions may also be optionally encrypted for added security.
These features are divided into several modules in addition to
mod_session; mod_session_crypto,
mod_session_cookie and mod_session_dbd.
Depending on the server requirements, load the appropriate modules
into the server (either statically at compile time or dynamically
via the LoadModule directive).
Sessions may be manipulated from other modules that depend on the session, or the session may be read from and written to using environment variables and HTTP headers, as appropriate.
