> From: Goo Sam Kong [mailto:[email protected]] > Subject: Re: How to set SSL session timeout in Tomcat 5.5.16 > > I attempted that, that is HTTP Session not SSL session.
Depending on how your webapp is configured, you may have two HttpSession objects - one protected, and one not. Make sure you're invalidating the protected session from servlet code associated with a protected resource, not from an unprotected reference. You could also turn off keep-alives in the HTTPS <Connector> (set maxKeepAliveRequests="1"). Renegotiating the SSL handshake on each request might be a noticeable performance hit, however. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
