FYI, Bruno's patch has just been applied to SVN trunk.

Best regards,
Jerome


On 03/03/2010 12:27, Bruno Harbulot wrote:
> Hi,
>
> I've just submitted a patch:
> http://restlet.tigris.org/issues/show_bug.cgi?id=1050
>
> It can be useful for some applications to have access to the TLS session
> ID. (This could possibly be used by some ongoing FOAF+SSL work for example.)
>
>
> Regarding the use of SSL session ID for maintaining session, this
> discussion should be of interest:
> https://issues.apache.org/bugzilla/show_bug.cgi?id=22679
>
>
> Basically, nothing even guarantees that the same session ID will be used
> for multiple requests (it's not just about those 10-15 minutes).
>
> In addition, what RFC2818 <http://tools.ietf.org/html/rfc2818> says
> about (TLS) sessions is:
> - "Note that an implementation which does this MAY choose to reuse the
> session. [...]"
> - "It MAY resume a TLS session closed in this fashion."
> - "Servers SHOULD be willing to resume TLS sessions closed in this
> fashion."
> - "As specified in [RFC2246], any implementation which receives a
> connection close without first receiving a valid closure alert (a
> "premature close") MUST NOT reuse that session."
>
> It's quoted out of context, but they're all MAYs and SHOULDs (except
> about invalidating the session), which implies very little in terms of
> what can be expected from the session ID, regarding application session
> management.
>
>
> Best wishes,
>
> Bruno.
>
>
> Stefan Meissner wrote:
>> Ok Bruno, thanks for your assessment.
>>
>> I'll forward your expert's opinion to the architect who gave me this task :)
>>
>> But generally 10-15 minutes life-time of the session would be sufficient for 
>> my use-case.
>>
>> best regards
>> Stefan
>>
>> ------------------------------------------------------
>> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2452215
>>
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2454411
>

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2459829
