Jason Hunter's 2nd edition book, when talking about session IDs, mentions (page 221) that "Other implementations, like using SSL (Secure Sockets Layer) sessions, are also possible". I cannot find any other reference to doing so.
Can anyone explain, or even better, point me at references to, what one has to do to use SSL sessions (other than run SSL of course) from servlets running in Tomcat 4.0 with Apache? I assume that using SSL sessions obviates the need for cookie/url rewriting/hidden field session handling. Is this true? Are there any constraints to their use other than the usual when running standard sessions? What happens when invalidating a session if it is an SSL session? etc. Many thanks -- Alan P. Sexton, University of Birmingham, UK ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
