I believe OpenSSL also maintains an internal session cache. If it finds
the session there, it won't even call the mod_ssl retrieve callback.
You can probably configure OpenSSL to not cache, or at least edit the
session cache timeout it has to something like 1 second, in
openssl-ver/ssl/ssl-sess.c
J.
>I want to turn off session caching so that everytime I request a
>secure page I do the ssl handshake. I set SSLSessionCache none, but
>it I leave my secure site and then come back it never does the secure
>handshake again it always reuses the previous session. It does this
>both with IE and Netscape.
>The only way to get it to initiate another session is to close the
>browser.
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
