Is it generally a bad idea to allow users to use the same SSL session for
say, an hour? (using 128 bit encryption)
I am trying to play with session caches distributed amongst multiple web
servers to allow a user to reuse the same session for up to an hour (by
sharing session info among the web servers)... but some browsers I believe
force a session re-handshake every so often.. can this be overridden?
I can't seem to find any information about keeping sessions alive for
extended periods of time, all I can find is info about the session cache
timeout for an individual server, and then it doesn't even explain how to
pick a good length and what exactly the significance of that is.
Thanks.
J
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
