On Tue, Mar 17, 2009 at 02:39:56PM +0200, Eddy Nigg wrote: > On 03/17/2009 01:55 PM, Ian G: >> [4] There is some discussion about session caching, and it may be true >> that there are server problems to be sorted out. But as far as I can >> see, most of the sites that I deal with have this issue, so it may >> bounce back to being a client-side issue regardless of what we say. > > That's because Apache's default cache timeout is set to 30 seconds or > so. And might be buggy in addition to that.
The default mod_ssl configuration uses a 300 second timeout, not 30. There's a plea being made here that mod_ssl should cache sessions by default for what, hours? Days? It seems like a poor trade-off to require a larger memory footprint of all the SSL servers in the world, rather than improve Firefox to be a bit smarter about caching/allowing-to-be-cached the association between a client cert and a given URL prefix or whatever. Regards, Joe -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto