firefox not retaining ssl_session_id across servlets
firefox is creating new ssl_session_id for servlet sessions
All Replies (3)
Hi rekha_ms, do all of the connections have the same origin (host name)?
Firefox has an optional preference a user can create to completely prevent re-use of SSL session IDs:
security.ssl.disable_session_identifiers (default = false; not shown in about:config)
It would be very unusual to see that in regular Firefox. It may be the default in the Tor browser.
Yes all the connections are to the localhost. It is happening in RHEL 6.10 firefox while connecting using localhost. Across servlets ssl_session_id is different when connecting to localhost.
But from remote firefox , ssl_session_id is retained across servlets.
can we modify property security.ssl.disable_session_identifiers in about:config
rekha_ms modificouno o
If the problem is only with localhost, I don't think you want to change any settings. Perhaps the session ID is not persisted in the same way with local host. Could you check for a bug here, or file a new one: