On Fri, Jun 13, 2003 at 09:58:32PM -0400, Rich Salz wrote: > The following environment variables are exported into SSI files > and CGI scripts: > SSL_SESSION_ID The hex-encoded SSL session id
The problem is that this is not especially useful in practice, if your client is IE. Essentially, you can't rely on IE to keep ssl sessions open from one request to the next, and thus it's not practical to treat this as a significant authentication token. -- Dan. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]