Nelson B Bolyard wrote:
When the user says "I
want to clear my current session", which of those SSL sessions
does he mean?
The server whose name appear in his URL bar.
> Anyway if PSM does not expose a jave script method for accessing the
> clear cache command, I'm sure kai or myself would be happy to review a
> patch which does.
The crypto object offers a logout method that does it.
http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsCrypto.cpp#2875
This one just makes sure your password/PIN is forgotten for all token.
Not really the same thing.
Still useful though.
I see no browser code that calls SSL_InvalidateSession
http://mxr.mozilla.org/security/ident?i=SSL_InvalidateSession
That one seems to be doing the trick.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
