-- Rich Salz: > > The following environment variables are exported into SSI > > files and CGI scripts: > > SSL_SESSION_ID The hex-encoded SSL session id
On 14 Jun 2003 at 18:24, Daniel Carosone wrote: > The problem is that this is not especially useful in > practice, if your client is IE. Essentially, you can't rely > on IE to keep ssl sessions open from one request to the next, > and thus it's not practical to treat this as a significant > authentication token. As I said earlier, there is no strong enforceable relationship between an https session and a login session. "This fortress wall not merely meets specifications, but is invincible" "But in only covers the north side of the fortress, and there is a gate in the middle that a child could kick down" "The specification was for the north wall, and the gate is the responsibility of the supplies and transport division" --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG HbAVQDehUS8SgfQqOI28BdF348siCWO9xi9Ep226 4yrN59HvscIQo8lQ44oxphi77XJ3ssx4FJUG6y2yd --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]