Validation of a lifetime timestamp
WebSEAL servers can optionally be configured to require that each failover authentication cookie contain a session lifetime timestamp. The session lifetime timestamp is not required by default. The default configuration file entry is:
[failover]
failover-require-lifetime-timestamp-validation = no
This stanza entry is used primarily for compatibility with prior versions of WebSEAL. Failover authentication cookies created by WebSEAL servers prior to version 5.1 do not contain this timestamp. For compatibility with failover cookies created by WebSEAL servers prior to version 5.1, set this entry to "no".
- When this value is "no", and the session lifetime timestamp is missing from the failover cookie, the receiving server will view the cookie as valid.
- When this value is "yes", and the session lifetime timestamp is missing from the failover cookie, the receiving server will view the cookie as not valid.
- When this value is either "no" or "yes", and the session lifetime timestamp is present in the failover cookie, the receiving server evaluates the timestamp. If the timestamp is not valid, the authentication fails. If the timestamp is valid, the authentication process proceeds.
The session lifetime timestamp is configured separately from the session activity timestamp.
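The following added example (not IBM's code) reads the `[failover]` stanza from configuration text and reports whether a receiving server with that setting would accept a failover cookie that lacks the session lifetime timestamp, following the three cases listed above. The function names, the sample configurations, and the treatment of `#` lines as comments are assumptions made for the example.

```python
import re

ENTRY = "failover-require-lifetime-timestamp-validation"

def read_failover_setting(conf_text):
    """Return the [failover] entry's value; 'no' when absent (the stated default)."""
    stanza = None
    value = "no"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stanza = header.group(1).strip()
            continue
        if stanza == "failover" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == ENTRY:
                value = val.strip().lower()
    return value

def cookie_accepted(setting, has_timestamp, timestamp_valid=False):
    """Model the three listed cases for one failover cookie."""
    if has_timestamp:
        return timestamp_valid   # evaluated whether the setting is "yes" or "no"
    return setting != "yes"      # missing timestamp: rejected only when required

def audit(conf_text):
    setting = read_failover_setting(conf_text)
    return {
        "setting": setting,
        "accepts_cookie_without_lifetime_timestamp": cookie_accepted(setting, False),
    }

# Constructed sample configurations (not taken from a real server).
SAMPLE_DEFAULT = """
[failover]
# kept at "no" for compatibility with pre-5.1 cookies
failover-require-lifetime-timestamp-validation = no
"""
# The entry under [session] is a deliberate decoy: only [failover] counts.
SAMPLE_STRICT = """
[session]
failover-require-lifetime-timestamp-validation = no
[failover]
failover-require-lifetime-timestamp-validation = yes
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("strict", SAMPLE_STRICT)):
        print(name, audit(text))
```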