How to invalidate SSL Session?

venia Jan 5, 2007 10:43 AM

Is there any ways to invalidate SSL session (ex. SSLSession.invalidate()) in the web application?

The problem is that we are using client certificate authentication and after the user performs logout on re-login we need to check his client certificate again without restarting the browser. The only way to do so is to invalidate SSL session on logout.

In the Servlet specification 2.1 there was a special HTTP request attribute "javax.net.ssl.session" where SSLSession object were stored. In the latter versions there are no such an attribute.

1. Re: How to invalidate SSL Session?

mustermann Mar 12, 2007 10:35 AM (in response to venia)

has anybody solved this item, i have the same problem??
Actions
2. Re: How to invalidate SSL Session?

estrellarichardson May 14, 2007 3:48 PM (in response to venia)

Yes, please if anyone has any insight into this problem, it would be greatly appreciated.
Actions

Go to original post