
Re: [iaik-ssl] [iaik-jce] How to prevent storage of SSL session information?



This is not a server function, but is a client function.  Your browser (Netscape?) is retaining the credentials
it established on the first connection to the server.

You also need to keep in mind that since the web is stateless, the server cannot reliably distinguish between
the case where you "go away and come back" and the case where you just sit for a long time before you click to
the next page.

It may be possible (although I'm not aware of how) to set a short "time out" period on the credentials.  I do
not believe this is possible with "Basic Authentication."  It may be possible with other methods.

=Spencer Thomas, JSTOR, School of Information, University of Michigan
spencer@umich.edu

Bharath Vutukuru wrote:

> Hi,
>
> I've installed IAIK-JigsawSSL with mandatory client authentication. I
> observe that once I establish an SSL session, the state is being stored.
> That is, after I visit other websites, if I come back to my JigsawSSL web
> page, client authentication is not being asked and information from
> previous session is being used to continue the SSL connection.
> How do I prevent this?? How can I make the JigsawSSL server ask for
> client-authentication every time I access a secure webpage on it??
>
> Thanks in advance
> -bharath

--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-ssl/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the following content: UNSUBSCRIBE iaik-ssl