Session cache reference
Use the Cluster Configuration management page to administer cluster support for the appliance. We can view and update the current cluster session cache configuration:
- Worker threads
- The number of worker threads that handle the server requests. At a minimum, use a number that is greater than the maximum number of clients.
- Maximum session lifetime
- The maximum lifetime in seconds for each session. Use a value greater than the maximum lifetime of all clients. That is, use a value greater than the maximum [session] timeout value the WebSEAL clients use.
For information about the [session] timeout configuration entry, see the reference topics for the Web Reverse Stanza Proxy in the Knowledge Center.
- Client grace period
- The grace period in seconds that a client has available to restart and register an interest in the session again before the session is removed from the session cache. This period gives the client a chance to restart without losing the session from the server.
Use a similar value to the idle timeout value for the session on the client. That is, use a value similar to the [session] inactive-timeout value set in the client web reverse proxy configuration.
For information about the [session] inactive-timeout configuration entry, see the reference topics for the Web Reverse Stanza Proxy in the Knowledge Center.
- Connection idle timeout
- The maximum length of time that a connection from a client can remain idle before it is closed by the server. A value of 0 indicates that connections will not be reused. Default is 0.
- Support internal clients only
- That only internal clients can use the distributed session cache. Notes:
- The current version supports internal clients only.
- If this option is selected, the remaining fields are disabled.
Clients can be turned off. For information about failover events, search for the Options for handling session failover events topic in the Administering topics in the Knowledge Center. For information about configuration properties, see Advanced configuration properties.
- Support internal and external clients
- That both internal and external clients can use the distributed session cache. To share the key files across the cluster, navigate to the SSL Certificates page and select the Replicate with Cluster check box.
Session cache supports mutual TLS. Ensure the client's certificate in the Distributed Session Cache (DSC) server's trust store and the server's certificate in the client's truststore are added.
The DSC by default supports internal client. It runs on port 2026 and 2027. If external clients support is required, use a different port.
- Port
- The port on which external clients can communicate with the session cache. This field is mandatory if we enable support for internal and external clients.
- Enable SSL
- If selected, the distributed session cache uses secure communication with its clients. If we enable SSL, we must also configure the Keyfile.
- Keyfile
- Lists the existing keyfiles on the appliance. These keyfiles are managed from the SSL certificates page. We can click the SSL Certificates link on the right to go to that page. To share the key files across the cluster, we must go to the SSL Certificates page and select the Replicate with Cluster check box.
- Label
- Lists the certificate labels in the selected keyfile. This field is disabled if a keyfile is not selected.
- Trace level
Trace level for the DSC with an integer (0 - 9). 0 indicates that trace is disabled. 9 indicates the maximum trace level. The trace level setting is not a part of the cluster policy. So this setting is not replicated across the cluster and is not persistent across firmware updates. The trace messages are sent to the log file for the DSC.
Parent topic: Manage cluster configuration