Adjustment of the last access time update frequency for the distributed session cache
The dsess-last-access-update-interval stanza entry in the [session] stanza of the WebSEAL configuration file specifies the frequency at which WebSEAL updates the session last access time at the distributed session cache.
If we are adjusting session inactivity timeouts or configuring reauthentication based on session inactivity policy (reauth-for-inactive = yes), and we are using the distributed session cache, we might need to adjust this value.
Smaller values offer more accurate inactivity timeout tracking, at the expense of sending updates to the distributed session cache more frequently. Values of less than 1 second are not permitted. Default is 60 seconds. For example:
[session] dsess-last-access-update-interval = 60
As an example, consider the following configuration:
[session] inactive-timeout = 600 dsess-last-access-update-interval = 60
With these configuration values, a user's session may be flagged as "inactive" at the distributed session cache anywhere between 540 seconds and 600 seconds after the user's last access to the WebSEAL server.
Small values for the dsess-last-access-update-interval parameter are not recommended and can seriously impact WebSEAL server performance.
See also Reauthentication with external authentication interface.
See also Cache entry inactivity timeout value
Parent topic: Advanced configuration for the distributed session cache
Related concepts
- Distributed session cache configuration for WebSEAL
- Replica set configuration
- Communication timeout configuration for the distributed session cache
- Performance configuration for the distributed session cache
- SSL configuration for WebSEAL and the distributed session cache
- Maximum concurrent sessions policy
- Single signon in a replica set