http-encrypted-session #

encrypted-session-nginx-module - encrypt and decrypt nginx variable values

Source: upstream source

Directives

encrypted_session_expires #

syntax: encrypted_session_expires 1 arg;  ·  context: http, server, location, server-if, location-if

For example, Back to TOC encrypted_session_expires ------------------------- syntax: encrypted_session_expires <time> default: encrypted_session_expires 1d; context: http, server, server if, location, location if Sets expiration time difference (in seconds by default).

encrypted_session_iv #

syntax: encrypted_session_iv 1 arg;  ·  context: http, server, location, server-if, location-if

For example, Back to TOC encrypted_session_iv -------------------- syntax: encrypted_session_iv <iv> default: encrypted_session_iv "deadbeefdeadbeef"; context: http, server, server if, location, location if Sets the initial vector used for the cipher (must be no longer than 16 bytes).

encrypted_session_key #

syntax: encrypted_session_key 1 arg;  ·  context: http, server, location, server-if, location-if

Sets the 32-byte cipher key used to encrypt and decrypt session data.

set_decrypt_session #

syntax: set_decrypt_session 1 arg;  ·  context: http, server, location, server-if, location-if

Decrypts an encrypted string and stores the result in the specified variable.

set_encrypt_session #

syntax: set_encrypt_session 1 arg;  ·  context: http, server, location, server-if, location-if

Encrypts a given string value and stores the result in the specified variable.

Example

# key must be of 32 bytes long
encrypted_session_key "abcdefghijklmnopqrstuvwxyz123456";

# iv must not be longer than 16 bytes
#   default: "deadbeefdeadbeef" (w/o quotes)
encrypted_session_iv "1234567812345678";

# default: 1d (1 day)
encrypted_session_expires 3600; # in sec

location /encrypt {
    set $raw 'text to encrypted'; # from the ngx_rewrite module
    set_encrypt_session $session $raw;
    set_encode_base32 $session; # from the ngx_set_misc module

    add_header Set-Cookie 'my_login=$session';  # from the ngx_headers module

    # your content handler goes here...
}

location /decrypt {
    set_decode_base32 $session $cookie_my_login; # from the ngx_set_misc module
    set_decrypt_session $raw $session;

    if ($raw = '') {
        # bad session
    }

    # your content handler goes here...
}

↑ back to index