| Commit message (Expand) | Author | Age | Files | Lines |
* | fix separator parsing, PR #333 | Giovanni Bechis | 2023-03-23 | 1 | -1/+1 |
* | Harden mod_session and avoid overflow in case of indecently large session | Christophe Jaillet | 2022-04-27 | 1 | -3/+6 |
* | mod_session: account for the '&' in identity_concat(). | Yann Ylavic | 2021-03-01 | 1 | -2/+1 |
* | mod_session: save one apr_strtok() in session_identity_decode(). | Yann Ylavic | 2021-03-01 | 1 | -1/+1 |
* | Improve a message about SessionExpiryUpdateInterval values | Christophe Jaillet | 2020-11-14 | 1 | -1/+1 |
* | be less specific and don't echo passphrase | Eric Covener | 2020-04-22 | 1 | -2/+2 |
* | restore/explain new session creation | Eric Covener | 2020-03-02 | 1 | -0/+9 |
* | PR56040: add SessionCookieMaxAge On/Off | Eric Covener | 2020-03-02 | 1 | -2/+21 |
* | bubble up an error if none of the passhrases work | Eric Covener | 2020-03-01 | 1 | -0/+2 |
* | PR56052: resolve problems with expired sessions | Eric Covener | 2020-03-01 | 1 | -9/+8 |
* | Fix spelling errors found by codespell. [skip ci] | Mike Rumph | 2020-02-13 | 1 | -1/+1 |
* | Also avoid adding the Set-Cookie header in both r->headers_out and | Joe Orton | 2019-11-14 | 1 | -2/+2 |
* | leave a hint about session expiration at TRACE2 | Eric Covener | 2019-08-25 | 1 | -0/+1 |
* | After reinstatement of DSO support in APR/APR-util, revert r1837437, | Graham Leggett | 2019-06-23 | 1 | -1/+1 |
* | Always decode session attributes early. | Hank Ibell | 2019-01-10 | 1 | -11/+14 |
* | mod_session_cookie: avoid adding the Set-Cookie header | Luca Toscano | 2018-10-09 | 1 | -2/+2 |
* | Follow up to r1833368: share openssl between modules. | Yann Ylavic | 2018-06-13 | 1 | -1/+1 |
* | mod_session: Strip Session header when SessionEnv is on. | Yann Ylavic | 2018-02-16 | 1 | -5/+8 |
* | Follow up to r1772812: update APLOGNO(). | Yann Ylavic | 2017-02-20 | 1 | -2/+2 |
* | mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) | Yann Ylavic | 2016-12-06 | 1 | -36/+192 |
* | Remove unnecessary apr_table_do() function casts | Jacob Champion | 2016-11-10 | 1 | -7/+6 |
* | mod_session: Introduce SessionExpiryUpdateInterval which allows to | Yann Ylavic | 2015-10-17 | 4 | -7/+44 |
* | mod_session_dbd: follow up to r1687021. | Yann Ylavic | 2015-06-23 | 1 | -6/+5 |
* | mod_session_dbd: follow up to r1686122. | Yann Ylavic | 2015-06-23 | 1 | -4/+7 |
* | mod_session_dbd: Request Notes should have request lifetime. | Nick Kew | 2015-06-18 | 1 | -3/+3 |
* | mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetime | Yann Ylavic | 2015-05-13 | 1 | -1/+2 |
* | mod_session: When we have a session we were unable to decode, behave as if th... | Graham Leggett | 2014-01-24 | 1 | -12/+18 |
* | mod_session: Fix problems interpreting the SessionInclude and | Jeff Trawick | 2014-01-20 | 1 | -3/+3 |
* | Remove redundant check (already performed the line before) | Christophe Jaillet | 2013-12-15 | 1 | -1/+1 |
* | mod_session_crypto: Make sure we try to initialise twice, so we don't | Graham Leggett | 2013-12-12 | 1 | -7/+0 |
* | mod_session: Reset the max-age on session save. PR 47476. | Graham Leggett | 2013-10-13 | 1 | -3/+10 |
* | mod_session: After parsing the value of the header specified by the | Graham Leggett | 2013-10-13 | 1 | -0/+2 |
* | Add exec: callout support for mod_session_crypto | Daniel Ruggeri | 2013-09-17 | 1 | -1/+31 |
* | CVE-2013-2249 | Graham Leggett | 2013-05-31 | 3 | -38/+48 |
* | Kill some NetWare build warnings. | Guenter Knauf | 2013-05-10 | 1 | -1/+3 |
* | Use %pm available since apr 1.3 instead of an extra call to apr_strerror | Stefan Fritsch | 2013-03-31 | 1 | -3/+2 |
* | mod_session_crypto: Protect ourselves against underlying libraries who | Graham Leggett | 2012-12-08 | 1 | -1/+1 |
* | Axed C++ comments. | Guenter Knauf | 2012-11-14 | 1 | -2/+2 |
* | formatting: space vs tab | Christophe Jaillet | 2012-11-13 | 1 | -4/+4 |
* | mod_session_dbd: fix a segmentation fault in the function dbd_remove. | Christophe Jaillet | 2012-11-13 | 1 | -16/+8 |
* | s/;;/;/ | Christophe Jaillet | 2012-10-12 | 1 | -1/+1 |
* | Various code clean up | Stefan Fritsch | 2012-07-15 | 1 | -1/+1 |
* | Your APR does not include SSL/EVP support. Yes, but how do I enable it? --wit... | Igor Galić | 2012-04-11 | 1 | -1/+1 |
* | mod_session: Sessions are encoded as application/x-www-form-urlencoded string... | Graham Leggett | 2012-02-25 | 1 | -3/+3 |
* | Make APACHE_MODULE() accept an optional prerequisite module for configure. | Stefan Fritsch | 2012-01-20 | 1 | -3/+3 |
* | Add lots of unique tags to error log messages | Stefan Fritsch | 2011-12-03 | 3 | -52/+52 |
* | mod_session_dbd: Use apr_status_t as a return code across the mod_session API. | Graham Leggett | 2011-12-02 | 1 | -2/+2 |
* | mod_session: Use apr_status_t as a return code across the mod_session API, | Graham Leggett | 2011-12-02 | 4 | -44/+61 |
* | mod_session_crypto: Fix a pool lifetime problem when reading from | Graham Leggett | 2011-12-02 | 1 | -1/+1 |
* | Remove some more now redundant log prefixes | Stefan Fritsch | 2011-11-30 | 4 | -56/+52 |