After logging onto my web app, users need to authenticate with a X.509 cert.
After a period of inactivity, a user will try to continue using the site. At that point, a new session will be attempted to be made, but fail. It fails due to the fact that re-authentication is not occurring.
If I were to increase Apache's
SSLSessionCacheTimeout to, let's say, 8 hours , would the client no longer need to re-authenticate during session creation?
Note – assuming a new session needs to be created within the 8 hours set for the Apache
EDIT Or, does the SSL session not impact HTTPS sessions at all?