views:

289

answers:

2

To try to use a reason SSL/TLS session key timeout on the server-side, I'd like to know how long popular browsers cache session keys on the client.

Microsoft describes this information for Windows/IE here:

http://technet.microsoft.com/en-us/library/cc776467(WS.10).aspx

But, I haven't been able to find similar information for other popular browsers. Does anyone know? Thanks!

A: 

According to a very reliable source, this is how it is meant to work in Opera:

Sessions are stored until one of the following conditions occur:

1) server refuses connection (I'm translating this and am not an expert so this may be a bad choice of words)

2) user deletes private data

3) Opera is closed

Hope this gave you some of the information you were looking for.

hallvors
A: 

Google Chrome will never store session information on the disk so most expiration occurs because the user ends the process.

Otherwise, the session store is large enough to be (effectively) infinite for most users.

We don't delete session information when flushing user data (I believe), but we will delete it if we see certain sorts of handshake failures when connecting to the server. That's part of our general fallback for buggy servers which, dealing with the messy web, one is forced to do.

agl