Tarmo_Mamers
May 25, 2009Nimbostratus
current/initial sessionid variables after SSL session has been invalidated
I'm forcing SSL session invalidation when the web client goes to "/logout.php*"
if { [HTTP::uri] starts_with "/logout.php" } {
session delete ssl [SSL::sessionid]
SSL::session invalidate
SSL::cert mode ignore
HTTP::redirect "https://go.to/"
After that [SSL::modssl_sessionid_headers current] is filled with zeroes and [SSL::modssl_sessionid_headers initial] still contains the last sessionid value.
Both variables disappear only after 15 seconds.
Where does this 15 seconds come from? Is it possible to adjust this timeout to aero so that both variables would disappear right after invalidating the SSL session?
Cheers,
-tarmo-