Whoops. My last post got sent out accidentally before I finished it.
Is there a way to get a "handle" on an SSL session and invalidate it programmatically?
Here's what I tried --
javax.net.ssl.SSLSession sslsession = (javax.net.ssl.SSLSession) request.getAttribute ("javax.net.ssl.session");
This throws a NullPointerException when I try to invalidate (even when webserver/appserver are configured for HTTPS) and the HTTP request was made for HTTPS .
We're using IBM HTTP Server 1.3.19.x (IHS/apache) and WebSphere 4.0.4AdvancedEd. As far as the servlet API goes, this means Servlet 2.2 and J2SE 1.3 .
I remember reading something about how the webserver and appserver must support providing a "handle" to the SSL session and maybe that's my problem, but I thought I'd check whether anyone has tried programmatically accessing an SSL session and attempted to invalidate it.