First off, I'd like to thank everyone that offered help with the load
balancing question. The ssl3 sticky sessions on the LocalDirectors should
do the trick for us.
Now, on to my new question, and I hope I can explain it without thoroughly
confusing everyone:
We have modssl configured with an SSLSessionCacheTimeout of 300 seconds.
One of the web applications running on the server uses frames, with one
frameset containing an HTTP form, and the other frameset having navigation
buttons, including the submit button. The design and implementation of
these pages is out of my control. When the user hits the submit button, the
page runs some JavaScript that performs an HTTP post on the frameset with
the form. This works fine as long as the user doesn't take longer that 300
seconds to fill out the form and hit submit. If modssl expires the session
cache, the browser clears all the entries in the HTML form. This leads me
to believe that the browser is somehow limiting access from one frameset to
the other based on the session id, and since the session ids don't match, it
is clearing the form data. We see this behavior in both IE and Netscape.
So, on to my questions:
1. How, in general, do browsers manage access to locally cached secure
pages. Does my interpretation above make any sense?
2. If my interpretation above is correct, is there any way to change this
behavior in the browser's configuration?
3. If my interpretation is not correct, does anyone have any idea why the
forms data is getting cleared?
4. The obvious workaround here is to increase the SSLSessionCacheTimeout.
Is their any recommended maximum value for this?
Thanks
Mike
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
