InfoCenter Home > 4.4.1.1.1.3: Using SSL information to track sessionsNo special programming is required to track sessions with SSL information. Follow the programming model and example described in section 4.4.1.1. To use SSL information, turn on Enable SSL Tracking in the Session Manager property sheet. Because the SSL session ID is negotiated between the Web browser and HTTP server, it cannot survive an HTTP server failure. However, the failure of an application server does not affect the SSL session ID. (Of course, if session persistence is not configured, the session itself is lost.) In environments that use WebSphere Edge Server with multiple HTTP servers, an affinity mechanism must be used when the SSL session ID is to be used as the session tracking mechanism. SSL tracking is supported only for the IBM HTTP Server and iPlanet Web servers. The lifetime of an SSL session ID can be controlled by configuration options in the Web server. For example, in the IBM HTTP Server, the configuration variable SSLV3TIMEOUT must be set to allow for an adequate lifetime for the SSL session ID. Too short an interval could result in premature termination of a session. Also, some Web browsers might have their own timers that affect the lifetime of the SSL session ID. These Web browsers might not leave the SSL session ID active long enough to be useful as a mechanism for session tracking. When the SSL session ID is to be used as the session tracking mechanism in a cloned environment, either cookies or URL rewriting must be used to maintain session affinity. The cookie or rewritten URL contains session affinity information that enables the Web server to properly route a session back to the same server for each request. |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|