Hi all,

i try to terminate a session in my own module by setting the creation
time and flushing the cache, unfortunately by the next request from the
same client i get the same session again. (actually it seems to take it
from the cache (ignoring the openssl sessioncache attributes).

is there any way i can force mod_ssl to explicitly invalidate a session
so it will get deleted from the cache aswell ?

the code is use is basically:

r->connection->keepalive = -1;
ssl_sess = SSL_get_session(ssl);
ssl_ctx = SSL_get_SSL_CTX(ssl);
SSL_CTX_remove_session(ssl_ctx, ssl_sess);
SSL_SESSION_set_time(ssl_sess, 0);
SSL_CTX_flush_sessions(ssl_ctx, time(0));
ssl_sess->not_resumable = 1;

anyone has a hint for me what i am doing wrong or what i additionally
need to do to get rid of the session ?


__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org