Hi. I have a few questions about multiple sessions, and I'm hoping some
of the people here might have come across these issues. What I'm doing is
a web app that runs on Apache with mod_ssl. There will be a lot of users
at any one time - hundreds, and they are all connecting to the website
over an ssl connection. Because the website is very dynamic, I think each
users is going to have to be using an Apache https session for the whole
time they use the web application, instead of the vanilla Apache login,
send page, log out style session.
What I was wondering was how many such sessions can I run at once, and
what kind of performance can I expect? Is it sensible to do this on a
single processor PIII/900MHz with 512Mb? Is there a limit on the number
of http/https sessions I can run at once? From reading the FM's on the
mod_ssl page, it seems to say that the real performance problem is the
initial key exchange, and once that is done there isn't much ssl processor
overhead.
Also, am I going about this in the right way at all? Would it be better
to use the http login and password features, and have lots of small ssl
sessions, rather that keep people logged into their ssl session for as
long at they are using it, with the web app's own login program. Maybe I
could keep their username and password in a cookie, and resend it per
page, so the ssl session was very short. Would the burden of key
exchanges make it too slow?
TIA
William
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
