http-encrypted-session #
encrypted-session-nginx-module - encrypt and decrypt nginx variable values
Source: upstream source
Directives
encrypted_session_expires #
syntax: encrypted_session_expires 1 arg; · context: http, server, location, server-if, location-if
For example, Back to TOC encrypted_session_expires ------------------------- syntax: encrypted_session_expires <time> default: encrypted_session_expires 1d; context: http, server, server if, location, location if Sets expiration time difference (in seconds by default).
encrypted_session_iv #
syntax: encrypted_session_iv 1 arg; · context: http, server, location, server-if, location-if
For example, Back to TOC encrypted_session_iv -------------------- syntax: encrypted_session_iv <iv> default: encrypted_session_iv "deadbeefdeadbeef"; context: http, server, server if, location, location if Sets the initial vector used for the cipher (must be no longer than 16 bytes).
encrypted_session_key #
syntax: encrypted_session_key 1 arg; · context: http, server, location, server-if, location-if
Sets the 32-byte cipher key used to encrypt and decrypt session data.
set_decrypt_session #
syntax: set_decrypt_session 1 arg; · context: http, server, location, server-if, location-if
Decrypts an encrypted string and stores the result in the specified variable.
set_encrypt_session #
syntax: set_encrypt_session 1 arg; · context: http, server, location, server-if, location-if
Encrypts a given string value and stores the result in the specified variable.
Example
# key must be of 32 bytes long
encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";
# iv must not be longer than 16 bytes
# default: "deadbeefdeadbeef" (w/o quotes)
encrypted_session_iv "1234567812345678";
# default: 1d (1 day)
encrypted_session_expires 3600; # in sec
location /encrypt {
set $raw 'text to encrypted'; # from the ngx_rewrite module
set_encrypt_session $session $raw;
set_encode_base32 $session; # from the ngx_set_misc module
add_header Set-Cookie 'my_login=$session'; # from the ngx_headers module
# your content handler goes here...
}
location /decrypt {
set_decode_base32 $session $cookie_my_login; # from the ngx_set_misc module
set_decrypt_session $raw $session;
if ($raw = '') {
# bad session
}
# your content handler goes here...
}