> From: Geoff Thorpe [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, September 08, 2001 11:30 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: SSLSessionCacheTimeout
> Hi there,
> On Fri, 7 Sep 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
>> Geof
Hi there,
On Fri, 7 Sep 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> Geoff,
> Thanks for the detailed explanation - it does make a lot of sense..
> As you've pointed out in case of SHMHT, if a server is lightly loaded, the
> session id will be cached for a time greater than th
On Fri, Sep 07, 2001 at 06:26:18PM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
wrote:
> Thanks for that feedback.. When I meant "reset the timeout", I certainly
> did not mean to do it for ever.. There has to be a limit - either the number
> of times the reset is done or the time limit - or
omes in at the nth moment)
Anyway, your point is well taken. I guess it's an issue of security vs
performance - and I'm sure security takes the upper hand.
-Madhu
-Original Message-
From: Geoff Thorpe [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 1:04 PM
_ssl gurus agree to have a bigger timeout, it's fine with me.
'else, I can try including the logic in Apache 2.0.
Looking forward to your feedback..
Thanks
-Madhu
-Original Message-
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 11:45 AM
> The timeout on a session is also a concept subject to much
> misunderstanding.
I've always thought TTL, TimeToLive, was a better name.
/r$
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com
Hi there,
On Fri, 7 Sep 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:
> If my understanding is correct, the current logic for
> SSLSessionCacheTimeout (in mod_ssl) is to mark the time when the first
> request was received, and then, irrespective of how long the connection has
> bee
-Original Message-
From: Lutz Jaenicke [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 11:45 AM
On Fri, Sep 07, 2001 at 09:52:42AM -0700, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)
wrote:
> If my understanding is correct, the current logic for
> SSLSessionCacheTimeout (in mod_ssl) is to mark the time when the first
> request was received, and then, irrespective of how long the connectio