Hello, I am considering using SSL_SESSION_IDs as part of my authentication/session management scheme. (Using Apache, mod_ssl, PHP 4.1.2)
However, the fact that, for example, Internet Explorer forces renegotiation of the SSL session (every 2 minutes) causes problems for the session management.

Is there any way to know (interact with Apache mod_ssl) when the renegotiation is done? For example, the goal would be to know within PHP if the newly renegotiated SSL_SESSION_ID 123671253761253765123765312 is a continuation of the previous SSL_SESSION_ID for the logged-in user, or to notice if the SSL session is completely fresh and new and does not have anything to do with the previous session.

If I understood the SSL documentation correctly, this should be possible, as I understood that there is some "inheritance" in the renegotiation. Or am I completely lost here and the SSL session is built "from scratch" upon renegotiation?

If this little :) problem could be avoided, this would provide a pretty trustable add-on to authentication and session management.

Any input?

--
Jussi Kallioniemi <[EMAIL PROTECTED]>
http://www.cyberian.org/
PGP http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF462C77A

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php