> At what appear to be irregular intervals (generally longer than 30 or
> 60 minutes, I believe), SSLeay decides that the current session to a
> browser has expired. My application treats any expired session as a
> reason to force the user to reauthenticate (for example, the
> application starts out in that state:), but I'm curious as to what
> logic SSLeay is using. No data across the connection in longer than a
> certain time interval? If so, what interval? A cursory inspection of
> the code didn't yield anything obvious.
It purges the session cache very 256th connection.
See ssl_update_cache in ssl_lib.c.
-- Eric Norman
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
