I have a client running NT4 Option Pack 5 with IIS as a web server. Both the server and the client have authenticated themselves via digital certificates to establish an SSL session. Normally, as long as the client does not quit out of Navigator orIE, the SSL session is maintained even if the client leaves the Web site and then returns. But I want the server to be able to break the SSL session even if the user stays in Netscape or IE. For example, suppose the user fills out a form on my Web page and hits the submit button. Depending on the user’s entries in the form, I want to be able to immediately break the SSL session (and, as an aside, stop accepting their certificate). I haven’t found any mechanism in IIS that allows the server-sideto decide to break an SSL session with an authenticated client.
How can I accomplish this?