JDK-8229148 : SSLSession.invalidate() should not be implicitly required
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 13,14
  • Priority: P3
  • Status: Resolved
  • Resolution: Won't Fix
  • Submitted: 2019-08-05
  • Updated: 2020-11-30
  • Resolved: 2020-11-30
Related Reports
CSR :  
Relates :  
Relates :  
Description
Stateless tickets are not invalidated when the SSLSession.invalidate() method is called.  Since the server keeps no state, there is no state to invalidate.  This may change in a future update or release to keep a small cache tickets
Comments
Will be address in Distributed Session JEP
30-11-2020