Different OIDCCryptoPassphrase value having OIDCCacheEncrypt [On] and OIDCCacheType as "shm" across multiple servers

[ravivbarot]

Using default behavior of OIDCCacheType as shm , and OIDCCacheEncrypt [On], trying to understand rational behind this comment for OIDCCryptoPassphrase. "# Note that an encrypted cache mechanism can be shared between servers if they use the same OIDCCryptoPassphrase"

Does that comment assume OIDCCacheType is not default shm, but either memcache or file[|redis]?

[zandbelt]

TLDR: no

the encryption default is cache specific, for shm the default is Off, for the others (external ones) it is On

in principle you can run different Apache servers, each with a unique config, and still share the shm encrypted cache by using the same passphrase; but I guess it makes most sense with the other - external - cache mechanisms

[ravivbarot]

We have OIDCCacheType as shm and OIDCCacheEncrypt is set to [on], and also same config across all apache servers.

WIth above config , we are trying to decide should use same value as OIDCCryptoPassphrase across all servers or different one? what things to be aware of with each option?

[ravivbarot]

Looking for your perspective for above query @zandbelt