> So, on to my questions:
>
> 1. How, in general, do browsers manage access to locally cached secure
> pages. Does my interpretation above make any sense?
>
> 2. If my interpretation above is correct, is there any way to change this
> behavior in the browser's configuration?
>
> 3. If my interpretation is not correct, does anyone have any idea why the
> forms data is getting cleared?
I'm not sure about these questions, but your interpretations sounds like the
most possible answer.
> 4. The obvious workaround here is to increase the SSLSessionCacheTimeout.
> Is their any recommended maximum value for this?
We use a maximum of 600 seconds over here. The only drawbacks from
increasing this number is that the amount of memory used by the session
cache will increase so if you have a large number of users, you will want to
increase the size of the cache as well to prevent premature expiration of
sessions. As the size of the cache increases, there also will probably be a
small performance hit (but I doubt it will be at all noticable).
It seems that sessions seem to average about 152 per session, so with the
default session cache size of 512000 bytes, you can have over 3300 cached
sessions before things start rolling over.
In your case, I would consider it safe to increase the session timeout to
whatever value you consider reasonable (15-30min, more?).
-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
