My application accesses HSM through the ASP.NET web service through PKCS # 11. I initialize the crypto library and get the session descriptor. The web service supports this descriptor to perform encryption / decryption / signature / verification in batch mode.
The problem I am facing is ASP.NET Web Service Timeouts after 20 minutes. This act, I think, unloads the cryptocurrency library, and the session handle stored in the web service becomes invalid. Yes, I agree that the ASP.NET web service can not be reconfigured to a timeout that will constantly load the cryptocurrency library.
My question is: what happens to the session descriptor that I received primarily from HSM ?. Will it be lost or will it be unused there? I ask about this because I am not closing the open session properly by calling c_closeSession.
Web service is implemented through a thread pool.
thank
source
share