20

I have been trying out SSL session reuse on Android webview. We noticed that the ssl session is being re-used if the consecutive requests happen within ~5 seconds. In the server(nginx) we have set the ssl_session_timeout 10m meaning, 10 minutes and keep-alive is for 30 seconds.

Seems like the Android webview control is destroying session-id after 5 seconds.

How can we reuse the ssl session for at least 30 seconds?

Sudarshan Bhat
  • 3,772
  • 2
  • 26
  • 53
  • I've no solution to your issue.. I wonder if [this](http://stackoverflow.com/questions/4629768/ssl-session-reuse-problems-in-android-j2se-works-fine) gives you any pointer/s.. – Ghost Jul 05 '12 at 12:01
  • @Ghost: That gives for a custom `Httpclient`, not for webview :( – Shrinath Jul 05 '12 at 12:03
  • @Shrinath Yeah.. That's more generalized.. No pointers in android dev website? Did you go thru' the SSL stuff that's mentioned in there? – Ghost Jul 05 '12 at 12:05
  • @Ghost: I checked the online documentation, didn't get any function or parameters that can be used for this... :( – Shrinath Jul 05 '12 at 12:06
  • @Shrinath Oh ok.. I'd suggest you to visit Android related chat rooms.. There are chances that you could get a quick reply there.. All the best.. – Ghost Jul 05 '12 at 12:09
  • @Ghost do not recommend chat rooms in this way ... questions on [SO] have a much wider audience ... why not start a bounty to draw attention to this question? – Moog Jul 14 '12 at 14:50
  • @Merlin At the time of my commenting, a bounty was already placed on this question.. Didn't mean to offend anyone by any means here.. Just intended to see an answer.. Sincere apologies if something has offended you.. – Ghost Jul 17 '12 at 04:54
  • @ghost just highlighting that chatrooms consist of few users that cannot field every question on SO. – Moog Jul 17 '12 at 10:47

2 Answers2

1

If using Httpclient, you may try it on Desktop platform.

1, Write a Java code on PC with Httpclient,
2, Try it with browser.

If it shows the same results, SSL session breaks in 5 secs, that maybe some troubles in Server side.
If not, that maybe something wrong with client side.

Good luck.

meadlai
  • 895
  • 1
  • 9
  • 22
0

I don't know whether you have already solved the issue, but one pretty vague solution to reuse the session is to fetch the session ID, and send the session ID along with the URL to be opened in the WebView.

For e.g.: http://your.required.url/your.context/your.action;jsessionid=<the_current_session_id>?GET=PARAMETERS

SamSPICA
  • 1,366
  • 15
  • 31