Apache > HTTP Server > Documentation > Version 2.4 > Modules

Apache Module mod_session

Available Languages:  en  |  fr 

Description:Session support
Module Identifier:session_module
Source File:mod_session.c
Compatibility:Available in Apache 2.3 and later



The session modules make use of HTTP cookies, and as such can fall victim to Cross Site Scripting attacks, or expose potentially private information to clients. Please ensure that the relevant risks have been taken into account before enabling the session functionality on your server.

This module provides support for a server wide per user session interface. Sessions can be used for keeping track of whether a user has been logged in, or for other per user information that should be kept available across requests.

Sessions may be stored on the server, or may be stored on the browser. Sessions may also be optionally encrypted for added security. These features are divided into several modules in addition to mod_session; mod_session_crypto, mod_session_cookie and mod_session_dbd. Depending on the server requirements, load the appropriate modules into the server (either statically at compile time or dynamically via the LoadModule directive).

Sessions may be manipulated from other modules that depend on the session, or the session may be read from and written to using environment variables and HTTP headers, as appropriate.

Support Apache!



Bugfix checklist

See also


What is a session?

At the core of the session interface is a table of key and value pairs that are made accessible across browser requests. These pairs can be set to any valid string, as needed by the application making use of the session.

The "session" is a application/x-www-form-urlencoded string containing these key