"Wohlgemuth, Michael J." wrote:
> Now, on to my new question, and I hope I can explain it without thoroughly
> confusing everyone:
>
> We have modssl configured with an SSLSessionCacheTimeout of 300 seconds.
> One of the web applications running on the server uses frames, with one
> frameset containing an HTTP form, and the other frameset having navigation
> buttons, including the submit button. The design and implementation of
> these pages is out of my control. When the user hits the submit button, the
> page runs some JavaScript that performs an HTTP post on the frameset with
> the form. This works fine as long as the user doesn't take longer than 300
> seconds to fill out the form and hit submit. If modssl expires the session
> cache, the browser clears all the entries in the HTML form. This leads me
> to believe that the browser is somehow limiting access from one frameset to
> the other based on the session id, and since the session ids don't match, it
> is clearing the form data. We see this behavior in both IE and Netscape.

As I understand it, the SSLSessions are completely unrelated to any
http-level sessions you may be using on the site.

An SSLsession timing out should be completely transparent to the
client at the http level; a new SSLsession should simply be created
at the SSL level.

For what it's worth, I am using a frame based application over
SSL with an SSLSessionCacheTimeout of 300, using http sessions
(which last until the browser is shut down) to track users and I am
not experiencing any such problems. I'm not doing any javascript
posts to another frame, but I do use javascript to trigger gets
in other frames.

Can you run your app in straight http mode to check that SSL is
really involved in causing the problem?

--
Paul McGarry mailto:[EMAIL PROTECTED]
Systems Integrator http://www.opentec.com.au
Opentec Pty Ltd http://www.iebusiness.com.au
6 Lyon Park Road Phone: (02) 9878 1744
North Ryde NSW 2113 Fax: (02) 9878 1755
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]