On Sun, Nov 05, 2000 at 10:17:08PM -0600, Scott Goodwin wrote:
> The behavior:
>
> 1. First hit from browser: session id is generated
> and stored in cache.
>
> 2. Second hit: session id is found in the cache
> and used as expected.
>
> 3. Third hit: session id is found, but *not* used;
> a new session id is created and stored in cache.
>
> This behavior is exhibited when the client is MSIE, Netscape
> or s_client.
>
> I'm maintaining my own cache in memory and using callbacks
> to manage it. Here's the portion that sets up session caching:
[...]
Take a look at ssl_get_prev_session in ssl/ssl_sess.c to determine
potential reasons for the session not being used (or, better,
look at this in a debugger): Maybe session context IDs don't
agree (make sure to define the session context ID for the
SSL_CTX *before* ever calling SSL_new), maybe the timeout
is triggered for some reason.
--
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]