The WebSEAL session cache can be represented as an internal table where WebSEAL stores information about all sessions established by authenticated users. The session key, stored with the client, is a locator index to the associated session data stored in the WebSEAL session cache.
Figure 1. WebSEAL session cache
Each user session is represented by an entry in the cache table. Each cache entry contains the following types of information:

Session key
The session key (the WebSEAL session ID) is a unique identifier, or key, sent with each request made by that user. The session key identifies the specific cache entry for that user.

Cache data
The most important data stored in the cache entry is the user credential. The credential is required whenever the user requests protected resources. The authorization service uses the credential information to permit or deny access to the resource.

Flags
WebSEAL can mark, or "flag", a cache entry to support certain functionality. For example, when session inactivity reauthentication is enabled, a cache entry is "flagged" when the session inactivity value has expired.

Timestamps
The creation timestamp for the cache entry becomes the reference point for the session lifetime value. The "last active" timestamp for the cache entry becomes the reference point for the session inactivity timer.
The user credential is an encoded, opaque data structure representing the authenticated user. The credential contents can include:

User name
Group memberships
Extended attributes

Extended attributes allow you to store customized data in the user credential.
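The following is an added, simplified model of the cache table described above; it is not WebSEAL's own code, and the class and field names (SessionCache, CacheEntry, reauth_flag, and so on) are assumptions chosen for illustration. It shows the session key acting as a locator index, the creation timestamp driving the absolute session lifetime, the "last active" timestamp driving the inactivity timer, and the entry being flagged for reauthentication rather than removed when the inactivity value expires.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Credential:
    """Decoded view of the opaque user credential (name, groups, extended attributes)."""
    user_name: str
    groups: list
    extended_attrs: dict = field(default_factory=dict)

@dataclass
class CacheEntry:
    credential: Credential
    created: float              # reference point for the session lifetime
    last_active: float          # reference point for the inactivity timer
    reauth_flag: bool = False   # set when the inactivity value has expired

class SessionCache:
    """Table keyed by session key; lifetime and inactivity are in seconds (assumed units)."""
    def __init__(self, lifetime: float, inactivity: float):
        self.lifetime, self.inactivity = lifetime, inactivity
        self._table = {}

    def create(self, cred: Credential, now: float) -> str:
        key = secrets.token_urlsafe(32)   # unguessable locator index handed to the client
        self._table[key] = CacheEntry(cred, created=now, last_active=now)
        return key

    def lookup(self, key: str, now: float) -> Optional[CacheEntry]:
        """Resolve a request's session key; None once the session lifetime has expired."""
        entry = self._table.get(key)
        if entry is None:
            return None
        if now - entry.created >= self.lifetime:     # lifetime is measured from creation
            del self._table[key]                     # expired entries are discarded
            return None
        if now - entry.last_active >= self.inactivity:
            entry.reauth_flag = True                 # keep the entry, demand reauthentication
        elif not entry.reauth_flag:
            entry.last_active = now                  # activity refreshes the inactivity timer
        return entry

    def reauthenticate(self, key: str, now: float) -> bool:
        """Clear the flag after a successful reauthentication; False if nothing to clear."""
        entry = self._table.get(key)
        if entry is None or not entry.reauth_flag:
            return False
        entry.reauth_flag, entry.last_active = False, now
        return True
```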