Tanel Unt wrote:
So far i've learned that i should call /void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)/in mod_ssl code somehow but i don't know how or when. Extension modules like mod_python etc. won't allow me so a direct hack of apache code is required. The applications can direct user to a fixed URL on logout so perhaps a handler that would invalidate and cleanup user SSL session after that request has been processed?
Essentially you would need to add a handler to mod_ssl that when you hit the handler, the handler calls ssl_scache_remove() and then redirects the user to somewhere useful, or displays a suitable page ("you have been logged out").
That should be relatively straightforward (unless I am missing something).A cleaner approach may be to export ssl_scache_remove() (and friends) as optional functions, and then place the handler in it's own module.
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature
