Eric Greenberg wrote:
> Also, note that, on the server-side, the maximum amount of time a server
> cache's a session ID is typically configurable. In the earlier Netscape
> servers we used a default cache timeout of 30 seconds. Later, the default
> was increased to 24 hours. So the cache timeouts I mentioned in my previous
> post and here are simply default values. Other values can typically be set
> by the server administrator.
By default, Netscape and iPlanet products based on NSS use a 100 second
limit for SSL2 (per appendix C.8 of the SSL2 spec) and 24 hours for SSLv3
(per appendix F.1.4 of the SSL 3.0 spec).
NSS's server API allows these timeout values to be configured to values
other than the default. How this is configured by a server administrator
varies from product to product.
I believe the current releases of Netscape's client products use the default
timeout values.
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
