I have an IIS 7.5 web application that clients connect to using mutual (aka two way) SSL; the client certificate is provided by a smart card.
I have a need for the web application to timeout. When the timeout occurs I would like to destroy the SSL session (assuming on IIS) thus forcing the client to re-authenticate.
How can I destroy the SSL session? (I'm not referring to HttpSessionState)
