Concurrent session limits

We can configure WebSEAL to limit the number of concurrent requests for a single user session.

Concurrent session threads hard limit

The hard limit is the maximum number of concurrent threads that a single user session can consume. When a user session reaches its thread limit, WebSEAL stops processing any new requests for the user session and returns an error to the client.

Use the concurrent-session-threads-hard-limit configuration entry in the [server] stanza to configure the session hard limit.

If we do not specify a value for this entry, there is no limit to the number of concurrent threads that a user session can consume.

For example, the following configuration results in a maximum of 10 concurrent threads for a single user session:

[server]
concurrent-session-threads-hard-limit = 10

Concurrent session threads soft limit

You can use the concurrent-session-threads-soft-limit configuration entry in the [server] stanza to configure the session soft limit.

The soft limit is maximum number of concurrent threads that a single user session can consume before WebSEAL generates warning messages. WebSEAL continues processing requests for this session until it reaches the configured concurrent-session-threads-hard-limit.

For example, if the following entries are set then WebSEAL generates warnings when the number of threads for a user session exceeds the soft limit of five. WebSEAL continues to process requests until the hard limit of 10 is reached. Any further requests cause WebSEAL to return an error to the client.

[server]
concurrent-session-threads-soft-limit = 5
concurrent-session-threads-hard-limit = 10

Parent topic: WebSEAL session cache configuration