On Tue, Mar 20, 2001 at 05:43:32PM +1100, Paul McGarry wrote:
> Howdy All,
>
> I'm considering mapping SSL_SESSION_IDs to sessions on my
> webserver. Are there any obvious gotchas that I should be
> aware of before I start going down this route?
>
Don't use SSL_SESSION_ID - most MSIE browser versions will
expire the session after 1 or 2 minutes. SSL_SESSION_ID only
lives until either the server or the client decides to
renegotiate session keys and is only really useful in a
debugging situation.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
