I have 2 servers running, one for dynamic content (nginx, php) and another for login (apache2, php)
I use memcache to exchange session information
i updated the server software and since then session data in apache has been encrypted
apache:
session :: records ("sessions / s53mqdhghmlrvnvjt05novt4m2", "encrypted-data", 0.1440)
Nginx:
session :: entries ("sessions / s53mqdhghmlrvnvjt05novt4m2", "test | i: 1;", 0.1440)
on both servers the session id is the same and the session cookie still passes sessionId so everything still works like
both servers use the same php.ini
I looked in ssl conf, but I could not find anything to encrypt the session data
Does anyone know where I can stop session data from being encrypted on apache / mod_ssl
change
well I found a working solution, but I still havnt found a problem, I know that the session data should leave the encrypted php process mod_ssl and the session save handler is called when php cleanup operations are executed after the end of the script.
But nothing similar was recorded in the documents.
now it is allowed not to save the data provided by php in session :: write, but rather use session_encode () to generate a session hash and save this
for those of you who are reading this who know how and why I would really like to know to disable the directive that encrypts the data.