A Secure Sockets Layer (SSL) connection includes a unique identifier that is created when the SSL connection is initiated. The SPS can use this unique ID as a token to refer to a user's session information, which is maintained in the SPS in-memory session store. This scheme eliminates cookies as a mechanism for maintaining a user’s session.
A limitation of the SSL ID session scheme is that the initial contact with the SPS establishes the SSL session ID. If a user’s SSL session is interrupted and a new SSL connection is established, the user must be re-authenticated and re-authorized, because the new SSL connection is a connection to a new server, even if that server is a virtual server on the same system. This also means that forms used by HTML Forms Authentication Schemes must be served from the same host name as the protected resource.
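The following Python model is an added illustration of the scheme and its limitation; it is not SPS code. The class name, the host names, the idle timeout value and the way the SSL IDs are derived are all assumptions made for the example.

```python
import hashlib
import time

IDLE_TIMEOUT = 900  # seconds; assumed value, not an SPS default


class SslIdSessionStore:
    """In-memory store keyed by SSL session ID (model, not SPS code)."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}  # ssl_session_id -> (user, last_seen)
        self._clock = clock

    def login(self, ssl_session_id, user):
        # Called after credentials were validated on this SSL session.
        self._sessions[ssl_session_id] = (user, self._clock())

    def lookup(self, ssl_session_id):
        # Return the user bound to this SSL session, or None to force re-auth.
        entry = self._sessions.get(ssl_session_id)
        if entry is None:
            return None
        user, last_seen = entry
        if self._clock() - last_seen > IDLE_TIMEOUT:
            del self._sessions[ssl_session_id]
            return None
        self._sessions[ssl_session_id] = (user, self._clock())
        return user


def constructed_ssl_id(client, host, handshake_no):
    # Constructed stand-in for a negotiated ID: a new handshake, or a
    # different server host name, always yields a different value.
    return hashlib.sha256(f"{client}|{host}|{handshake_no}".encode()).digest()


def demo():
    store = SslIdSessionStore()
    first = constructed_ssl_id("browser-1", "app.example.com", 1)
    store.login(first, "alice")
    same_connection = store.lookup(first)
    # Connection interrupted: the next handshake negotiates a new ID.
    after_reconnect = store.lookup(constructed_ssl_id("browser-1", "app.example.com", 2))
    # Login form served from another host name: credentials arrive on that
    # host's SSL session, so the resource host's session has no entry.
    store.login(constructed_ssl_id("browser-2", "login.example.com", 1), "bob")
    cross_host = store.lookup(constructed_ssl_id("browser-2", "app.example.com", 1))
    return same_connection, after_reconnect, cross_host
```

`demo()` returns the user only for the request made on the original SSL session; the reconnect and the cross-host login both come back as `None`, which is the point at which the user is challenged again.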
Copyright © 2012 CA. All rights reserved.