Menu
After logging onto my web app, users need to authenticate with a X.509 cert.
After a period of inactivity, a user will try to continue using the site. At that point, a new session will be attempted to be made, but fail. It fails due to the fact that re-authentication is not occurring.
If I were to increase Apache's SSLSessionCacheTimeout to, let's say, 8 hours , would the client no longer need to re-authenticate during session creation?
Note - assuming a new session needs to be created within the 8 hours set for the Apache SSLSessionCacheTimeout.
EDIT Or, does the SSL session not impact HTTPS sessions at all?
599
Take a look at the Apache SSL documentation http://www.apache-ssl.org/docs.html Look for "SSLSessionCacheTimeout" according to the documentation increasing the value of this setting should work.
188
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
