shibboleth-dev - RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
Subject: Shibboleth Developers
- From: "Cantor, Scott E." <>
- Subject: RE: [Shib-Dev] Viability of SSL/TLS Session IDs usage for application Session IDs
- Date: Wed, 9 Feb 2011 16:05:31 +0000

> As to when the session ID is generated, it's part of the initial
> negotiation. One way to think about it is that all HTTP requests
> occur within a session.

As you suggested, however, there's a pretty good chance they'll occur in
multiple sessions, not just one. I very much doubt you'll have any solid
control over when they change.

I think it would make logout pretty much impossible to rely on (ok, more
impossible), and would lead to a lot of client-specific weirdness.

In other words, I suspect most people would end up having to turn it off in
favor of cookies, but we probably wouldn't know without testing it.

Of course, if you use client TLS, that's a perfect solution, but not
generally relevant.

-- Scott