summaryrefslogtreecommitdiffstats
path: root/modules/session (follow)
Commit message (Expand)AuthorAgeFilesLines
* fix separator parsing, PR #333Giovanni Bechis2023-03-231-1/+1
* Harden mod_session and avoid overflow in case of indecently large sessionChristophe Jaillet2022-04-271-3/+6
* mod_session: account for the '&' in identity_concat().Yann Ylavic2021-03-011-2/+1
* mod_session: save one apr_strtok() in session_identity_decode().Yann Ylavic2021-03-011-1/+1
* Improve a message about SessionExpiryUpdateInterval valuesChristophe Jaillet2020-11-141-1/+1
* be less specific and don't echo passphraseEric Covener2020-04-221-2/+2
* restore/explain new session creationEric Covener2020-03-021-0/+9
* PR56040: add SessionCookieMaxAge On/OffEric Covener2020-03-021-2/+21
* bubble up an error if none of the passhrases workEric Covener2020-03-011-0/+2
* PR56052: resolve problems with expired sessionsEric Covener2020-03-011-9/+8
* Fix spelling errors found by codespell. [skip ci]Mike Rumph2020-02-131-1/+1
* Also avoid adding the Set-Cookie header in both r->headers_out andJoe Orton2019-11-141-2/+2
* leave a hint about session expiration at TRACE2Eric Covener2019-08-251-0/+1
* After reinstatement of DSO support in APR/APR-util, revert r1837437,Graham Leggett2019-06-231-1/+1
* Always decode session attributes early.Hank Ibell2019-01-101-11/+14
* mod_session_cookie: avoid adding the Set-Cookie headerLuca Toscano2018-10-091-2/+2
* Follow up to r1833368: share openssl between modules.Yann Ylavic2018-06-131-1/+1
* mod_session: Strip Session header when SessionEnv is on.Yann Ylavic2018-02-161-5/+8
* Follow up to r1772812: update APLOGNO().Yann Ylavic2017-02-201-2/+2
* mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)Yann Ylavic2016-12-061-36/+192
* Remove unnecessary apr_table_do() function castsJacob Champion2016-11-101-7/+6
* mod_session: Introduce SessionExpiryUpdateInterval which allows to Yann Ylavic2015-10-174-7/+44
* mod_session_dbd: follow up to r1687021.Yann Ylavic2015-06-231-6/+5
* mod_session_dbd: follow up to r1686122.Yann Ylavic2015-06-231-4/+7
* mod_session_dbd: Request Notes should have request lifetime.Nick Kew2015-06-181-3/+3
* mod_authn_dbd, mod_authz_dbd, mod_session_dbd, mod_rewrite: Fix lifetimeYann Ylavic2015-05-131-1/+2
* mod_session: When we have a session we were unable to decode, behave as if th...Graham Leggett2014-01-241-12/+18
* mod_session: Fix problems interpreting the SessionInclude andJeff Trawick2014-01-201-3/+3
* Remove redundant check (already performed the line before)Christophe Jaillet2013-12-151-1/+1
* mod_session_crypto: Make sure we try to initialise twice, so we don'tGraham Leggett2013-12-121-7/+0
* mod_session: Reset the max-age on session save. PR 47476.Graham Leggett2013-10-131-3/+10
* mod_session: After parsing the value of the header specified by theGraham Leggett2013-10-131-0/+2
* Add exec: callout support for mod_session_cryptoDaniel Ruggeri2013-09-171-1/+31
* CVE-2013-2249Graham Leggett2013-05-313-38/+48
* Kill some NetWare build warnings.Guenter Knauf2013-05-101-1/+3
* Use %pm available since apr 1.3 instead of an extra call to apr_strerrorStefan Fritsch2013-03-311-3/+2
* mod_session_crypto: Protect ourselves against underlying libraries whoGraham Leggett2012-12-081-1/+1
* Axed C++ comments.Guenter Knauf2012-11-141-2/+2
* formatting: space vs tabChristophe Jaillet2012-11-131-4/+4
* mod_session_dbd: fix a segmentation fault in the function dbd_remove.Christophe Jaillet2012-11-131-16/+8
* s/;;/;/Christophe Jaillet2012-10-121-1/+1
* Various code clean upStefan Fritsch2012-07-151-1/+1
* Your APR does not include SSL/EVP support. Yes, but how do I enable it? --wit...Igor Galić2012-04-111-1/+1
* mod_session: Sessions are encoded as application/x-www-form-urlencoded string...Graham Leggett2012-02-251-3/+3
* Make APACHE_MODULE() accept an optional prerequisite module for configure.Stefan Fritsch2012-01-201-3/+3
* Add lots of unique tags to error log messagesStefan Fritsch2011-12-033-52/+52
* mod_session_dbd: Use apr_status_t as a return code across the mod_session API.Graham Leggett2011-12-021-2/+2
* mod_session: Use apr_status_t as a return code across the mod_session API,Graham Leggett2011-12-024-44/+61
* mod_session_crypto: Fix a pool lifetime problem when reading fromGraham Leggett2011-12-021-1/+1
* Remove some more now redundant log prefixesStefan Fritsch2011-11-304-56/+52