Aha! Apache mod_ssl provides SSL_SESSION_ID, but not by default. So I just need to require SSL/TLS, and don't have to implement (or use anyone else's) schlocky session management.
Back to blog or home page
last updated 2012-01-27 00:10:25. served from tektonic.jcomeau.com