I'm using OpenSSL 0.9.5a.
 
The behavior:
 
1. First hit from browser: session id is generated
    and stored in cache.
 
2. Second hit: session id is found in the cache
    and used as expected.
 
3. Third hit: session id is found, but *not* used;
    a new session id is created and stored in cache.
 
This behavior is exhibited when the client is MSIE, Netscape
or s_client.
 
I'm maintaining my own cache in memory and using callbacks
to manage it. Here's the portion that sets up session caching:
 
if (srvPtr->cachesize != 0) {
    /* Tie cached sessions to this server's session id context. */
    SSL_CTX_set_session_id_context (srvPtr->context, (void *)
                                    &server_session_id_context,
                                    sizeof(server_session_id_context));

    /* Enable server-side session caching. */
    SSL_CTX_set_session_cache_mode (srvPtr->context,
                                    SSL_SESS_CACHE_SERVER);

    /* In-memory cache owned by the module, keyed by string. */
    srvPtr->cachehash = Ns_CacheCreateSz ("ns_openssl",
                                    TCL_STRING_KEYS,
                                    srvPtr->cachesize,
                                    (Ns_Callback *) NsSSLFreeEntry);

    /* Callbacks that store, look up and delete entries in that cache. */
    SSL_CTX_sess_set_new_cb (srvPtr->context,
                                    NsSSLNewSessionCacheEntry);
    SSL_CTX_sess_set_get_cb (srvPtr->context,
                                    NsSSLGetSessionCacheEntry);

    SSL_CTX_sess_set_remove_cb (srvPtr->context,
                                    NsSSLDelSessionCacheEntry);
} else {
    /* No cache configured: turn session caching off. */
    SSL_CTX_set_session_cache_mode (srvPtr->context,
                                    SSL_SESS_CACHE_OFF);
}

 
If this looks fine, then I'll take a deeper look at the caching code
I'm using. Maybe there's something in there causing this.
Any ideas of where I should look would be greatly appreciated.
 
I've placed the source files in question at http://scottg.net/tmp if
anyone wants to see this code in context. If you need more info, let
me know.
 
(and if you see anything I can do better in there, let me know that too ;)
 
 
/s.
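
A check that applies to any string-keyed session cache like the TCL_STRING_KEYS one created in the message above: session IDs are binary and may contain zero bytes, so they need a text encoding before they are used as a key. This is an added example, not code from the original post or from the module it describes; `session_id_to_key`, `raw_keys_collide` and the sample IDs are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* SSLv3/TLS session IDs are at most 32 bytes: 2 hex chars each + NUL. */
#define MAX_SESSION_ID_LEN 32
#define SESSION_KEY_BUFSZ  (2 * MAX_SESSION_ID_LEN + 1)

/* Constructed sample IDs that differ only after an embedded zero byte. */
static const unsigned char sample_a[4] = { 0x5a, 0x00, 0x11, 0x22 };
static const unsigned char sample_b[4] = { 0x5a, 0x00, 0x33, 0x44 };

/* Hypothetical helper: hex-encode a binary session ID into a
 * NUL-terminated key. Returns 0 on success, -1 on bad input. */
int session_id_to_key(const unsigned char *id, size_t len,
                      char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t i;

    if (id == NULL || out == NULL || len == 0 || len > MAX_SESSION_ID_LEN)
        return -1;
    if (outsz < 2 * len + 1)
        return -1;
    for (i = 0; i < len; i++) {
        out[2 * i]     = hex[id[i] >> 4];
        out[2 * i + 1] = hex[id[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return 0;
}

/* Returns 1 if two IDs look identical to a string-keyed table when passed
 * unencoded, i.e. when comparison stops at the first zero byte. */
int raw_keys_collide(const unsigned char *a, size_t alen,
                     const unsigned char *b, size_t blen)
{
    size_t an = 0, bn = 0;
    while (an < alen && a[an] != 0) an++;
    while (bn < blen && b[bn] != 0) bn++;
    return an == bn && memcmp(a, b, an) == 0;
}

int main(void)
{
    char ka[SESSION_KEY_BUFSZ], kb[SESSION_KEY_BUFSZ];
    session_id_to_key(sample_a, sizeof sample_a, ka, sizeof ka);
    session_id_to_key(sample_b, sizeof sample_b, kb, sizeof kb);
    printf("raw collide: %d\nhex keys: %s %s\n",
           raw_keys_collide(sample_a, 4, sample_b, 4), ka, kb);
    return 0;
}
```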