On Wed, Mar 18, 2009 at 07:42:12AM -0700, Kyle Hamilton wrote: > I think a reasonable default would be about 10 or 15 minutes, with a > refresh of the session (moving it back to 0 minutes) every successful > request?
With the default mod_ssl cache, I think that the session should already get stored back to the cache with a fresh expiry time after each connection is terminated, but I'm not sure. Going from 3 minutes to 10 minutes doesn't seem like it will save the world (if 3 minutes was indeed putting the world at risk). Does NSS/Firefox cache the SSL session for the lifetime of the browser process, or what? What about MSIE? Regards, Joe -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto