WebSEAL session cache structure
The WebSEAL session cache can be represented as an internal table
where WebSEAL stores information about all sessions established by
authenticated users. The session key, stored with the client, is a
locator index to the associated session data stored in the WebSEAL
session cache.
Each user session is represented by an entry in the cache table.
Each cache entry contains the following types of information:
- Session key
The session key (the WebSEAL session ID) is a unique identifier, or key, sent with each request made by that user. The session key identifies the specific cache entry for that user.
- Cache data
The most important data stored in the cache entry is the user credential. The credential is required whenever the user requests protected resources. The authorization service uses the credential information to permit or deny access to the resource.
WebSEAL can mark, or "flag", a cache entry to support certain functionality. For example, when session inactivity reauthentication is enabled, a cache entry is "flagged" when the session inactivity value has expired.
- Timestamps
The creation timestamp for the cache entry becomes the reference point for the session lifetime value. The "last active" timestamp for the cache entry becomes the reference point for the session inactivity timer.
The user credential is an encoded opaque data structure representing the authenticated user. The credential contents can include:
- User name
- Group memberships
- Extended attributes
Extended attributes allow us to store customized data in the user credential.
Parent topic: Session state overview
Related concepts
- Session state concepts
- Supported session ID data types
- Information retrieved from a client request
- Validation of the client identifier for a session
- Deployment considerations for clustered environments
- Options for handling failover in clustered environments