Hi all,
i try to terminate a session in my own module by setting the creation
time and flushing the cache, unfortunately by the next request from the
same client i get the same session again. (actually it seems to take it
from the cache (ignoring the openssl sessioncache attributes).
is there any way i can force mod_ssl to explicitly invalidate a session
so it will get deleted from the cache aswell ?
the code is use is basically:
r->connection->keepalive = -1;
ssl_sess = SSL_get_session(ssl);
ssl_ctx = SSL_get_SSL_CTX(ssl);
SSL_CTX_remove_session(ssl_ctx, ssl_sess);
SSL_SESSION_set_time(ssl_sess, 0);
SSL_CTX_flush_sessions(ssl_ctx, time(0));
ssl_sess->not_resumable = 1;
anyone has a hint for me what i am doing wrong or what i additionally
need to do to get rid of the session ?
thanks
Serge
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
