$ssl_session_id

Description

In NGINX, the $ssl_session_id variable represents the session ID associated with the currently active SSL session. This variable becomes available when the SSL connection has been established and is often used in conjunction with SSL session caching configurations to optimize SSL/TLS handshakes. Each established SSL session can be referenced by its session ID, which is utilized to resume sessions without needing to renegotiate handshakes. This variable is particularly useful for monitoring, logging, or managing user sessions securely. The $ssl_session_id is typically a hex string that uniquely identifies the SSL session. It is created during the handshake process and is used whenever a client attempts to resume an SSL session. If session resumption is not supported or disabled, this variable may return an empty string. Therefore, it’s essential to ensure that the server has SSL session caching enabled to utilize the benefits of this variable effectively. Common values might look like '00:11:22:33:44:55:66:77:88:99:AA:BB' indicating the hexadecimal representation of the session ID. The variable is applicable in various contexts, such as logging configurations to capture SSL session information, or when specific access controls are enabled based on SSL session properties. Additionally, using related variables such as $ssl_protocol and $ssl_cipher can provide deeper insights when paired together with $ssl_session_id.

Config Example

http {
    server {
        listen 443 ssl;
        ssl_certificate /etc/ssl/certs/my_cert.pem;
        ssl_certificate_key /etc/ssl/private/my_cert.key;

        location / {
            access_log /var/log/nginx/access.log combined;
            add_header X-SSL-Session-ID $ssl_session_id;
        }
    }
}