Option 4: The distributed session cache

The distributed session cache is used for session storage by all WebSEAL servers in the cluster. When a client fails over, the new WebSEAL server can retrieve the user's session data from the distributed session cache and therefore avoid prompting the user to log in again.

Like failover cookies, the distributed session cache allows consistent inactivity and lifetime timeout tracking across all of the WebSEAL servers in the cluster. Also like failover cookies, the distributed session cache allows for single-signon across multiple WebSEAL clusters in the same DNS domain.

The distributed session cache reduces the security risk that is posed by the failover cookie, since only a normal session cookie is used.

The distributed session cache also provides extra features that are not available with any other method of maintaining session state across server clusters. For example, the distributed session cache allows customer support personnel and WebSEAL administrators to view all of the users who are logged in to the cluster at a given time.

The distributed session cache also supports a max-concurrent-web-sessions policy that limits the number of concurrent sessions allowed per user.

For information about the distributed session cache, see Advanced configuration for the distributed session cache.

Parent topic: Options for handling failover in clustered environments