On other quick note - when we were discussing SSL sessions earlier
I remember the concensus was that database clients usually keep a
connection established for relatively long times.
But now I'm not so sure - what about web servers communicating to
a database backend? They should use connection pooling, but is
this a realistic expectation?
If there are frequent secure connections (e.g., to store sensitive
information such as credit card information... one would hope!)
but no connection pooling, it may make sense to support resumable
secure connections even if they are unnecessary for most clients.
These sessions would still expire after some (configurable) idle
period.
Bear