[Zope] - Secure Server
Hannu Krosing
hannu@trust.ee
Mon, 25 Jan 1999 21:03:44 +0200
Christopher G. Petrilli wrote:
>
> What you're seeing is Layer 3 persiistance, not Layer 4. What's
> happening is that under HTTP/1.1, the connection can support multiple
> HTTP transactions before you have to tear it down and rebuild it. This
> does not imply that there is a "session" at the application layer.
>
> By definition all HTTP operations are atomic, and do not imply any
> previous or subsequent operations.
>
HTTP operations are indeed atomic (CGI a pure example of programming
paradigm called continuation passing style or CPS ;)
But the session that persists is the SSL session.
After initial handshaking and agreeing on the keys to be used,
subsequent HTTPS operations can use the established session.
mod_ssl even has a special session cache for this purpose (it used to
have a separate cache process, now it has bsddb bases session database)
OTOH, it probably has nothing to do with HTTP/1.1 persistent
connections.
I'm quite sure that subsequent HTTPS requests can be serviced by
different backend processes, even concurrently, and still be in the
same session, so the overhead for them is just compression, not the
initial key-exchange.
-------
Hannu