Hi,
About the following documentation I understand that I can set a "SessionCryptoPassphrase" for protect my session with a cookie. And if I change my SessionCryptoPassphrase from "my_secret_phrase" to "my_NEW_secret_phrase" and restart my server, the client browser should lost his session. http://httpd.apache.org/docs/2.4/fr/mod/mod_session_crypto.html May be I forget something, because when I change the SessionCryptoPassphrase to everything, I never lost the session. Any help ? <Location /> ..... ..... SetHandler form-login-handler Session On SessionCookieName MY_Cookie path=/my_url;domain=exemple.com;httponly;secure;version=1; SessionCryptoPassphrase my_secret_phrase .... .... </Location> Change to and restart <Location /> ..... ..... SetHandler form-login-handler Session On SessionCookieName MY_Cookie path=/my_url;domain=exemple.com;httponly;secure;version=1; SessionCryptoPassphrase my_NEW_secret_phrase .... .... </Location> Regards. __________________________ Avant d'imprimer, pensez à l'environnement ! Please consider the environment before printing ! Ce message et toutes ses pièces jointes sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. IFP Energies nouvelles décline toute responsabilité au titre de ce message. This message and any attachments are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. IFP Energies nouvelles should not be liable for this message. __________________________
