Clear SSL State
Hello
I have a web application that authenticates the user with client certificate. My logout page removes some attributes from the session and redirects the user to the login page, however when the user log in again..it does not ask for the certificate. If i clear the ssl state by clicking "tools -> options -> contents -> clear ssl state", it asks again for the client certificate (that is what i want).
Is it possible to clear the ssl state programmatically ?
[491 byte] By [
Fillipea] at [2007-10-3 11:09:58]
If I understand the scenario correctly, I don't think you can do what you want with server-side code. The behavior you are observing is client-side behavior. The browser has cached the information and is not asking the user again. I think the solution is at best browser-specific, and I don't know enough about any of them to tell you how to change it. Sorry.
Have you found a solution for you problem?
We have the same issue and I can't find any ways to get SSLSession on server side. In the Servlet specification 2.1 there was a special request attribute - javax.net.ssl.session to get the SSLSession. Latter specification versions does not have this.
