Changes with Apache 2.3.0
[ When backported to 2.2.x, remove entry from this file ]
+ *) Change the directives within the mod_session* modules to be valid
+ both inside and outside the location/directory sections, as
+ suggested by wrowe. [Graham Leggett]
+
*) mod_auth_form: Add a module capable of allowing end users to log
in using an HTML form, storing the credentials within mod_session.
[Graham Leggett]
<description>Enables a session for the current directory or location</description>
<syntax>Session On|Off</syntax>
<default>Session Off</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Define a maximum age in seconds for a session</description>
<syntax>SessionMaxAge <var>maxage</var></syntax>
<default>SessionMaxAge 0</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<var>HTTP_SESSION</var> environment variable</description>
<syntax>SessionEnv On|Off</syntax>
<default>SessionEnv Off</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Import session updates from a given HTTP response header</description>
<syntax>SessionHeader <var>header</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Define URL prefixes for which a session is valid</description>
<syntax>SessionInclude <var>path</var></syntax>
<default>all URLs</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Define URL prefixes for which a session is ignored</description>
<syntax>SessionExclude <var>path</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Name and attributes for the RFC2109 cookie storing the session</description>
<syntax>SessionCookieName <var>name</var> <var>attributes</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Name and attributes for the RFC2965 cookie storing the session</description>
<syntax>SessionCookieName2 <var>name</var> <var>attributes</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Control for whether session cookies should be removed from incoming HTTP headers</description>
<syntax>SessionCookieRemove On|Off</syntax>
<default>SessionCookieRemove Off</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The key used to encrypt the session</description>
<syntax>SessionCryptoPassphrase <var>secret</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The certificate used to encrypt and decrypt the session</description>
<syntax>SessionCryptoCertificateFile <var>file</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The certificate key used to encrypt and decrypt the session</description>
<syntax>SessionCryptoCertificateKeyFile <var>file</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The name of the cipher to use during encryption / decryption</description>
<syntax>SessionCryptoCipher <var>cipher</var></syntax>
<default>AES256</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The name of the digest to use during encryption / decryption</description>
<syntax>SessionCryptoDigest <var>cipher</var></syntax>
<default>SHA</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The name of the engine to use during encryption / decryption</description>
<syntax>SessionCryptoEngine <var>engine</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Name and attributes for the RFC2109 cookie storing the session ID</description>
<syntax>SessionDBDCookieName <var>name</var> <var>attributes</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Name and attributes for the RFC2965 cookie storing the session ID</description>
<syntax>SessionDBDCookieName2 <var>name</var> <var>attributes</var></syntax>
<default>none</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Control for whether session ID cookies should be removed from incoming HTTP headers</description>
<syntax>SessionDBDCookieRemove On|Off</syntax>
<default>SessionDBDCookieRemove On</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>Enable a per user session</description>
<syntax>SessionDBDPerUser On|Off</syntax>
<default>SessionDBDPerUser Off</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The SQL query to use to select sessions from the database</description>
<syntax>SessionDBDSelectLabel <var>label</var></syntax>
<default>SessionDBDSelectLabel selectsession</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The SQL query to use to insert sessions into the database</description>
<syntax>SessionDBDInsertLabel <var>label</var></syntax>
<default>SessionDBDInsertLabel insertsession</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The SQL query to use to update existing sessions in the database</description>
<syntax>SessionDBDUpdateLabel <var>label</var></syntax>
<default>SessionDBDUpdateLabel updatesession</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
<description>The SQL query to use to remove sessions from the database</description>
<syntax>SessionDBDDeleteLabel <var>label</var></syntax>
<default>SessionDBDDeleteLabel deletesession</default>
-<contextlist><context>directory</context>
+<contextlist><context>server config</context>
+<context>virtual host</context>
+<context>directory</context>
+<context>.htaccess</context>
</contextlist>
<compatibility>Available in Apache 2.3.0 and later</compatibility>
static const command_rec session_cmds[] =
{
- AP_INIT_FLAG("Session", set_session_enable, NULL, OR_AUTHCFG,
+ AP_INIT_FLAG("Session", set_session_enable, NULL, RSRC_CONF|OR_AUTHCFG,
"on if a session should be maintained for these URLs"),
- AP_INIT_TAKE1("SessionMaxAge", set_session_maxage, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE1("SessionMaxAge", set_session_maxage, NULL, RSRC_CONF|OR_AUTHCFG,
"length of time for which a session should be valid. Zero to disable"),
- AP_INIT_TAKE1("SessionHeader", set_session_header, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE1("SessionHeader", set_session_header, NULL, RSRC_CONF|OR_AUTHCFG,
"output header, if present, whose contents will be injected into the session."),
- AP_INIT_FLAG("SessionEnv", set_session_env, NULL, OR_AUTHCFG,
+ AP_INIT_FLAG("SessionEnv", set_session_env, NULL, RSRC_CONF|OR_AUTHCFG,
"on if a session should be written to the CGI environment. Defaults to off"),
- AP_INIT_TAKE1("SessionInclude", add_session_include, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE1("SessionInclude", add_session_include, NULL, RSRC_CONF|OR_AUTHCFG,
"URL prefixes to include in the session. Defaults to all URLs"),
- AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, OR_AUTHCFG,
+ AP_INIT_TAKE1("SessionExclude", add_session_exclude, NULL, RSRC_CONF|OR_AUTHCFG,
"URL prefixes to exclude from the session. Defaults to no URLs"),
{NULL}
};
static const command_rec session_cookie_cmds[] =
{
- AP_INIT_RAW_ARGS("SessionCookieName", set_cookie_name, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("SessionCookieName", set_cookie_name, NULL, RSRC_CONF|OR_AUTHCFG,
"The name of the RFC2109 cookie carrying the session"),
- AP_INIT_RAW_ARGS("SessionCookieName2", set_cookie_name2, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("SessionCookieName2", set_cookie_name2, NULL, RSRC_CONF|OR_AUTHCFG,
"The name of the RFC2965 cookie carrying the session"),
- AP_INIT_FLAG("SessionCookieRemove", set_remove, NULL, OR_AUTHCFG,
+ AP_INIT_FLAG("SessionCookieRemove", set_remove, NULL, RSRC_CONF|OR_AUTHCFG,
"Set to 'On' to remove the session cookie from the headers "
"and hide the cookie from a backend server or process"),
{NULL}
static const command_rec session_dbd_cmds[] =
{
AP_INIT_TAKE1("SessionDBDSelectLabel", ap_set_string_slot,
- (void *) APR_OFFSETOF(session_dbd_dir_conf, selectlabel), OR_AUTHCFG,
+ (void *) APR_OFFSETOF(session_dbd_dir_conf, selectlabel), RSRC_CONF|OR_AUTHCFG,
"Query label used to select a new session"),
AP_INIT_TAKE1("SessionDBDInsertLabel", ap_set_string_slot,
- (void *) APR_OFFSETOF(session_dbd_dir_conf, insertlabel), OR_AUTHCFG,
+ (void *) APR_OFFSETOF(session_dbd_dir_conf, insertlabel), RSRC_CONF|OR_AUTHCFG,
"Query label used to insert a new session"),
AP_INIT_TAKE1("SessionDBDUpdateLabel", ap_set_string_slot,
- (void *) APR_OFFSETOF(session_dbd_dir_conf, updatelabel), OR_AUTHCFG,
+ (void *) APR_OFFSETOF(session_dbd_dir_conf, updatelabel), RSRC_CONF|OR_AUTHCFG,
"Query label used to update an existing session"),
AP_INIT_TAKE1("SessionDBDDeleteLabel", ap_set_string_slot,
- (void *) APR_OFFSETOF(session_dbd_dir_conf, deletelabel), OR_AUTHCFG,
+ (void *) APR_OFFSETOF(session_dbd_dir_conf, deletelabel), RSRC_CONF|OR_AUTHCFG,
"Query label used to delete an existing session"),
- AP_INIT_FLAG("SessionDBDPerUser", set_dbd_peruser, NULL, OR_AUTHCFG,
+ AP_INIT_FLAG("SessionDBDPerUser", set_dbd_peruser, NULL, RSRC_CONF|OR_AUTHCFG,
"Save the session per user"),
AP_INIT_FLAG("SessionDBDCookieRemove", set_dbd_cookie_remove, NULL, RSRC_CONF|OR_AUTHCFG,
"Remove the session cookie after session load. On by default."),
- AP_INIT_RAW_ARGS("SessionDBDCookieName", set_cookie_name, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("SessionDBDCookieName", set_cookie_name, NULL, RSRC_CONF|OR_AUTHCFG,
"The name of the RFC2109 cookie carrying the session key"),
- AP_INIT_RAW_ARGS("SessionDBDCookieName2", set_cookie_name2, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("SessionDBDCookieName2", set_cookie_name2, NULL, RSRC_CONF|OR_AUTHCFG,
"The name of the RFC2965 cookie carrying the session key"),
{NULL}
};
projects / apache / commitdiff