[Zope] - Secure Server

Hannu Krosing hannu@trust.ee
Mon, 25 Jan 1999 21:03:44 +0200


Christopher G. Petrilli wrote:
> 
> What you're seeing is Layer 3 persiistance, not Layer 4.  What's
> happening is that under HTTP/1.1, the connection can support multiple
> HTTP transactions before you have to tear it down and rebuild it.  This
> does not imply that there is a "session" at the application layer.
> 
> By definition all HTTP operations are atomic, and do not imply any
> previous or subsequent operations.
> 
HTTP operations are indeed atomic (CGI a pure example of programming 
paradigm called continuation passing style or CPS ;)

But the session that persists is the SSL session.
After initial handshaking and agreeing on the keys to be used, 
subsequent HTTPS operations can use the established session. 
mod_ssl even has a special session cache for this purpose (it used to 
have a separate cache process, now it has bsddb bases session database)

OTOH, it probably has nothing to do with HTTP/1.1 persistent
connections.

I'm quite sure that subsequent HTTPS requests can be serviced by 
different backend processes, even concurrently, and still be in the 
same session, so the overhead for them is just compression, not the 
initial key-exchange.

-------
Hannu