On Fri, Jun 13, 2003 at 09:58:32PM -0400, Rich Salz wrote:
> The following environment variables are exported into SSI files
> and CGI scripts:
>     SSL_SESSION_ID The hex-encoded SSL session id

The problem is that this is not especially useful in practice, if
your client is IE. Essentially, you can't rely on IE to keep ssl
sessions open from one request to the next, and thus it's not
practical to treat this as a significant authentication token.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to