SSL Tracking is supported only for the IBM HTTP Server and SUN one Web Server.
When SSL ID tracking is enabled for requests over SSL, SSL session information is used to track the HTTP session ID. Since the SSL session ID is negoitated between the HTTP server and browser, it cannot survive the HTTP Server crash However, the failure of an application server does not affect the SSL session ID and if the distributed session is not enabled the session itself is lost.The lifetime of an SSL session ID can be controlled by configuration options in the Web server. In environments that use WebSphere Edge Server with multiple HTTP servers, you must use an affinity
mechanism when SSL session ID is used as the session tracking mechanism.
When the SSL session ID is to be used as the session tracking mechanism in a clustered environment, either cookies or URL rewriting must be used to maintain session affinity. The cookie or rewritten URL contains session affinity information that enables the Web server to properly route requests back to the same server once the HTTP session has been created on a server. The SSL ID is not sent in the cookie or rewritten URL but is derived from the SSL information.
The main disadvantage of using SSL ID tracking is the performance hit of using SSL. If you have a business requirement to use SSL, then this would be a good choice. If you do not have such a requirement, it is probably a good idea to consider using cookies instead.