Validation of an activity timestamp
WebSEAL servers can optionally be configured to require that each failover authentication cookie contain a session activity timestamp. The session activity timestamp is not required by default. The default configuration file entry is:
[failover]
failover-require-activity-timestamp-validation = no
This stanza entry is used primarily for compatibility with prior versions of WebSEAL.
- When this value is "no", and the session activity timestamp is missing from the failover cookie, the receiving server will view the cookie as valid.
- When this value is "yes", and the session activity timestamp is missing from the failover cookie, the receiving server will view the cookie as not valid.
- When this value is either "no" or "yes", and the session activity timestamp is present in the failover cookie, the receiving server evaluates the timestamp. If the timestamp is not valid, the authentication fails. If the timestamp is valid, the authentication process proceeds.
The session activity timestamp is configured separately from the session lifetime timestamp.
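The following added example is not part of the original documentation or of WebSEAL. It reads the stanza entry from configuration text and models the three cases listed above for a receiving server. The function names, the sample configurations, the `#` comment handling and the last-occurrence-wins rule are assumptions made for illustration.

```python
# Added example: audit WebSEAL-style configuration text for the activity
# timestamp requirement and model the receiving server's decision.
ENTRY = "failover-require-activity-timestamp-validation"

def read_entry(conf_text, stanza="failover", entry=ENTRY, default="no"):
    """Return the entry's value from the named stanza, or the documented default."""
    current, value = None, default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' starts a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()       # entering a new stanza
            continue
        if current == stanza and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == entry:
                value = val.strip().lower()    # assumption: last occurrence wins
    return value

def cookie_accepted(require_timestamp, has_timestamp, timestamp_valid=False):
    """Decision for a failover cookie, following the three cases in the text."""
    if has_timestamp:
        return timestamp_valid             # evaluated for both "yes" and "no"
    return require_timestamp != "yes"      # missing: valid only when not required

def audit(conf_text):
    """Return (setting, finding) for a configuration file's text."""
    setting = read_entry(conf_text)
    if setting == "yes":
        return setting, "cookies without an activity timestamp are rejected"
    return setting, "cookies without an activity timestamp are accepted"

# Constructed sample configurations (not taken from a real deployment).
COMPAT_CONF = """
[failover]
# compatibility setting (the default)
failover-require-activity-timestamp-validation = no
"""
STRICT_CONF = """
[failover]
failover-require-activity-timestamp-validation = yes
"""

if __name__ == "__main__":
    for name, text in (("compat", COMPAT_CONF), ("strict", STRICT_CONF)):
        setting, finding = audit(text)
        print(f"{name}: {ENTRY} = {setting}: {finding}")
```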