Hi,
Is it possible to retrieve the SSL session_id variable like in Apache?
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
Regards,
Sen
On Wed, Sep 23, 2009 at 05:42:46PM +0200, Sen Haerens wrote:
Hi,
Is it possible to retrieve the SSL session_id variable like in Apache?
mod_ssl - Apache HTTP Server Version 2.2
No, but it can be added. I’m curious to know how do you plan to use it ?
Igor S. wrote:
I’m curious to know how do you plan to use it ?
It can be a secure value to check against and prevent session hijacking.
Igor S. wrote:
The attached patch adds $ssl_session_id variable.
Dear Igor,
Thank you for providing this patch.
It’s working great with Nginx 0.7.62. 
Kidn regards,
Sen
On Sun, Sep 27, 2009 at 08:37:50PM +0200, Sen Haerens wrote:
Igor S. wrote:
The attached patch adds $ssl_session_id variable.
Dear Igor,
Thank you for providing this patch.
It’s working great with Nginx 0.7.62.
Here is the new more correct patch.
Hi Igor,
Are there any plans to add some sort of distributed SSL session cache
(like distcache for apache)?
Thanks!
Regards,
Omar
2009/9/28 Igor S. [email protected]:
On Thu, Sep 24, 2009 at 02:31:48PM +0200, Sen Haerens wrote:
Igor S. wrote:
I’m curious to know how do you plan to use it ?
It can be a secure value to check against and prevent session hijacking.
Session fixation - Wikipedia
The attached patch adds $ssl_session_id variable.
On Thu, Oct 01, 2009 at 03:22:04PM +1000, Omar Kilani wrote:
Hi Igor,
Are there any plans to add some sort of distributed SSL session cache
(like distcache for apache)?
Not in near future.