On 03/12/2010 09:12 PM, Nelson B Bolyard wrote: > > Well, the problem is this vague notion of the "current SSL session". > You see a page. It may have frames, each of which comes from a different > https server, and each frame may have multiple images or other components, > each of which comes from a different https server. Your browser has an SSL > session established with each one of those servers. When the user says "I > want to clear my current session", which of those SSL sessions > does he mean? > From Java script, that's clear. It's the session directly attached to the 'current' window (in your example, if it's the top level window, it's the connection which created the frames, if it's a sub window, it's the connection associated with that window. You are right about the image thing, Maybe it's not the window that Javascript needs to take as an argument, but something else.. Javascript can walk down the frames and invalidate and of the connections on those frames. We aren't talking about a User, button, but a javascript program so we have a little more clarity. > >> Anyway if PSM does not expose a jave script method for accessing the >> clear cache command, I'm sure kai or myself would be happy to review a >> patch which does. >> > The crypto object offers a logout method that does it. > http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsCrypto.cpp#2875 > This will get Anders what he needs right now. (side effect, everything is logged out). > I see no browser code that calls SSL_InvalidateSession > http://mxr.mozilla.org/security/ident?i=SSL_InvalidateSession >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
