On Thu, Dec 30, 1999, Tom Vaughan wrote:
> A long while back, ssl sessions were expired every 100 server restarts. For
> a busy server that stayed up a long while, this was less than
> optimal. Currently ssl sessions are expired on each server start and
> restart, session cache store and retrieve. Doing this on a server start or
> restart is not necessary since the session cache is truncated. And doing
> this on each store and retrieve seems a bit excessive to me. How about
> expiring ssl sessions when a connection is closed?
Hmmm... for SHM based session caches it should not make much difference,
of course. But for DBM based session caches you're right, there it can
be more reasonable to run the expire job on connection close. Hmmm....
but I've to admit that currently I have no real opinion on this. I'm
very unsure what the best/most reasonable approach is. What is the
opinion of others on this topic?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
