4.4.1.1.1.3: Using SSL information to track sessions

No special programming is required to track sessions with SSL information. Follow the programming model and example described in section 4.4.1.1.

To use SSL information, turn on Enable SSL Tracking in the Session Manager property sheet. Because the SSL session ID is negotiated between the Web browser and HTTP server, it cannot survive an HTTP server failure. However, the failure of an application server does not affect the SSL session ID. (Of course, if session persistence is not configured, the session itself is lost.) In environments that use WebSphere Edge Server with multiple HTTP servers, an affinity mechanism must be used when the SSL session ID is to be used as the session tracking mechanism.

SSL tracking is supported only for the IBM HTTP Server and iPlanet Web servers. The lifetime of an SSL session ID can be controlled by configuration options in the Web server. For example, in the IBM HTTP Server, the configuration variable SSLV3TIMEOUT must be set to allow for an adequate lifetime for the SSL session ID. Too short an interval could result in premature termination of a session. Also, some Web browsers might have their own timers that affect the lifetime of the SSL session ID. These Web browsers might not leave the SSL session ID active long enough to be useful as a mechanism for session tracking.
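The following check is an added example, not part of the IBM documentation: it reads an IBM HTTP Server configuration and flags every scope whose SSLV3TIMEOUT value is shorter than the idle time the application expects a session to survive. The sample configuration, the 1800-second idle time, the function names, and the rule that a virtual host without its own value inherits the global one are assumptions made for illustration.

```python
import re

# Constructed httpd.conf fragment for this example (not from the page).
SAMPLE_CONF = """\
# global scope
SSLV3Timeout 120
<VirtualHost *:443>
SSLEnable
sslv3timeout 3600
</VirtualHost>
<VirtualHost *:8443>
SSLEnable
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*SSLV3Timeout\s+(\d+)\s*$", re.IGNORECASE)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)

def ssl_id_lifetimes(conf_text):
    """Return {scope: SSLV3Timeout seconds, or None if that scope sets none}."""
    scopes = {"global": None}
    current = "global"
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        if m := VHOST_OPEN.match(line):
            current = m.group(1).strip()
            scopes.setdefault(current, None)
        elif VHOST_CLOSE.match(line):
            current = "global"
        elif m := DIRECTIVE.match(line):
            scopes[current] = int(m.group(1))  # last value in a scope wins
    return scopes

def audit(conf_text, session_idle_s):
    """Return {scope: 'ok' | 'too_short' | 'unset'} for the given idle time."""
    scopes = ssl_id_lifetimes(conf_text)
    verdicts = {}
    for scope, own in scopes.items():
        effective = own if own is not None else scopes["global"]  # assumed inheritance
        if effective is None:
            verdicts[scope] = "unset"  # server default applies; check it by hand
        else:
            verdicts[scope] = "ok" if effective >= session_idle_s else "too_short"
    return verdicts

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 1800))  # 1800 s: assumed session idle time
```

A `too_short` scope is one where the SSL session ID can expire before the session it identifies. The Web browser timers mentioned above are outside what this check can see.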
