RE: ssl.SessionId Cache keeps growing

2008-03-04 Thread Jeff MAURY
f the ssltimeout is 86400 seconds ie 1 day. It cannot be changed with a property (on Java5). Regards Jeff MAURY Caldarale, Charles R wrote: > >> From: Yuval Perlov [mailto:[EMAIL PROTECTED] >> Subject: Re: ssl.SessionId Cache keeps growing > >> Been all over those object

RE: ssl.SessionId Cache keeps growing

2008-01-22 Thread Caldarale, Charles R
> From: Yuval Perlov [mailto:[EMAIL PROTECTED] > Subject: Re: ssl.SessionId Cache keeps growing > Been all over those objects thinking I can set a system > wide default. There is the JVM -XX:SoftRefLRUPolicyMSPerMB=n option, where n is defined as "Number of milliseconds per MB

RE: ssl.SessionId Cache keeps growing

2008-01-22 Thread Caldarale, Charles R
> From: Jonadan [mailto:[EMAIL PROTECTED] > Subject: Re: ssl.SessionId Cache keeps growing > > There are alternative designs than using sessions! Not in this case. Don't confuse HTTPSession with SSLSession - the former is managed by Tomcat and can be avoided as you state, the

Re: ssl.SessionId Cache keeps growing

2008-01-22 Thread Jonadan
There are alternative designs than using sessions! If the problem is that serious, you might consider other options. Regards. Yuval Perlov wrote: > > On a side note, I'd like to argue that if you have users logging in, > you can't help having some kind of object on the server side telling

Re: ssl.SessionId Cache keeps growing

2008-01-21 Thread Yuval Perlov
On Jan 21, 2008, at 11:50 PM, Caldarale, Charles R wrote: From: Yuval Perlov [mailto:[EMAIL PROTECTED] Subject: ssl.SessionId Cache keeps growing 1. Any one has ever met this problem? I haven't, but it's definitely an interesting one. 2. Is there anyway to access the ssl.SessionId object a

Re: ssl.SessionId Cache keeps growing

2008-01-21 Thread Yuval Perlov
Well, this is not session problems I am having but SSL Sessions - you can't have a secure connection without using one of those. On a side note, I'd like to argue that if you have users logging in, you can't help having some kind of object on the server side telling you which user is actual

RE: ssl.SessionId Cache keeps growing

2008-01-21 Thread Jonadan
IMHO, there isn't much you can do about once you use sessions. The problem with session is that there is no natural way telling that session is ended and can be discarded! So system may have to keep session objects for long. For this reason, I always avoid to use sessions. If this is a major prob

RE: ssl.SessionId Cache keeps growing

2008-01-21 Thread Caldarale, Charles R
> From: Yuval Perlov [mailto:[EMAIL PROTECTED] > Subject: ssl.SessionId Cache keeps growing > > 1. Any one has ever met this problem? I haven't, but it's definitely an interesting one. > 2. Is there anyway to access the ssl.SessionId object and invalidate > it during the HttpServletRequest li