Hi,
If my understanding is correct, the current logic for
SSLSessionCacheTimeout (in mod_ssl) is to mark the time when the first
request was received, and then, irrespective of how long the connection has
been active/inactive, remove the session identifier from the cache after the
timeout has expired..
i.e., suppose the timeout is set to 15 seconds, the first request is
received at 10:15:30 am, the next request from the same client arrives at
10:15:44, and a third request arrives at 10:15:55 - SSL will force a
re-negotiation for the third case..
I was wondering if the above logic makes sense, or is it better to reset the
timeout as and when a request is processed - i.e., reset the timeout to be
10:15:49 after the 2nd request is processed, reset it to be 10:16:20 after
the 3rd request - goes on till a request is not received from the same
client OR the timeout expires..
Any inputs / feedback is welcome..
Thanks
-Madhu
