SSL session_id variable

Hi,

Is it possible to retrieve the SSL session_id variable like in Apache?
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

Regards,
Sen

On Wed, Sep 23, 2009 at 05:42:46PM +0200, Sen Haerens wrote:

Hi,

Is it possible to retrieve the SSL session_id variable like in Apache?
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

No, but it can be added. I’m curious to know how do you plan to use it ?

Igor S. wrote:

I’m curious to know how do you plan to use it ?

It can be a secure value to check against and prevent session hijacking.
http://en.wikipedia.org/wiki/Session_fixation#Solution:Utilize_SSL.2F_TLS_Session_identifier

Igor S. wrote:

The attached patch adds $ssl_session_id variable.

Dear Igor,

Thank you for providing this patch.
It’s working great with Nginx 0.7.62. :wink:

Kidn regards,
Sen

On Sun, Sep 27, 2009 at 08:37:50PM +0200, Sen Haerens wrote:

Igor S. wrote:

The attached patch adds $ssl_session_id variable.

Dear Igor,

Thank you for providing this patch.
It’s working great with Nginx 0.7.62. :wink:

Here is the new more correct patch.

Hi Igor,

Are there any plans to add some sort of distributed SSL session cache
(like distcache for apache)?

Thanks!

Regards,
Omar

2009/9/28 Igor S. [email protected]:

On Thu, Sep 24, 2009 at 02:31:48PM +0200, Sen Haerens wrote:

Igor S. wrote:

I’m curious to know how do you plan to use it ?

It can be a secure value to check against and prevent session hijacking.
http://en.wikipedia.org/wiki/Session_fixation#Solution:Utilize_SSL.2F_TLS_Session_identifier

The attached patch adds $ssl_session_id variable.

On Thu, Oct 01, 2009 at 03:22:04PM +1000, Omar Kilani wrote:

Hi Igor,

Are there any plans to add some sort of distributed SSL session cache
(like distcache for apache)?

Not in near future.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs