Rich Salz:
> > The following environment variables are exported into SSI 
> > files and CGI scripts:
> >     SSL_SESSION_ID The hex-encoded SSL session id

On 14 Jun 2003 at 18:24, Daniel Carosone wrote:
> The problem is that this is not especially useful in 
> practice, if your client is IE. Essentially, you can't rely 
> on IE to keep ssl sessions open from one request to the next, 
> and thus it's not practical to treat this as a significant 
> authentication token.

As I said earlier, there is no strong enforceable relationship 
between an https session and a login session.

"This fortress wall not merely meets specifications, but is 

"But in only covers the north side of the fortress, and there 
is a gate in the middle that a child could kick down"

"The specification was for the north wall, and the gate is the 
responsibility of the supplies and transport division" 

         James A. Donald

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to