tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Lamb <>
Subject SSLSessions & Catalina
Date Fri, 22 Sep 2000 21:43:35 GMT

I'm working on a project using catalina, which only use SSL connections. I
need to be able to track session termination, which from the SSL spec's
should be possible--closure alerts. But it looks like two things need to
happen: 1) catalina has to use SSLSession and 2) I need to confirm that jsse
actually supports this functionality.

In looking at the catalina code, I don't see where it uses a SSLSession
except in certificate authentication. Is there anything that prevents this?
It looks like a change to the session code is going to be required.

I haven't yet found anything in the jsse docs that explicitly says it does
or doesn't support closure. It would seem odd if it didn't. It does say that
sessions  may be "explicitly invalidated". The other concern is that the
docs state that "sessions used on a connection may be replaced by a
different session"; does this mean that session invalidation does or doesn't
happen if a session is replaced?

Paul Lamb

View raw message