[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl]cu|| invalidating SSL session



 
Whoops.  My last post got sent out accidentally before I finished it.
 
Is there a way to get a "handle" on an SSL session and invalidate it programmatically?
 
Here's what I tried --
 
javax.net.ssl.SSLSession sslsession = (javax.net.ssl.SSLSession) request.getAttribute ("javax.net.ssl.session");
sslsession.invalidate();
 
This throws a NullPointerException when I try to invalidate (even when webserver/appserver are configured for HTTPS) and the HTTP request was made for HTTPS . 
 
We're using IBM HTTP Server 1.3.19.x (IHS/apache) and WebSphere 4.0.4AdvancedEd.  As far as the servlet API goes, this means Servlet 2.2 and J2SE 1.3 .
 
I remember reading something about how the webserver and appserver must support providing a "handle" to the SSL session and maybe that's my problem, but I thought I'd check whether anyone has tried programmatically accessing an SSL session and attempted to invalidate it.
 
Thanks,
Tommy
 
----- Original Message -----
Sent: Friday, September 06, 2002 09:50 AM
Subject: SSL session invalidate

 
 
javax.net.ssl.session