Enforcing the maximum concurrent sessions policy
Use the enforce-max-sessions-policy stanza entry in the [session] stanza of the WebSEAL configuration file to control whether or not a specific WebSEAL instance enforces the max-concurrent-web-sessions policy.
- To set this WebSEAL instance to enforce the max-concurrent-web-sessions policy, enter a value of yes (default). For example:
[session] enforce-max-sessions-policy = yes
To set this WebSEAL instance to not enforce the max-concurrent-web-sessions policy, enter a value of no. For example: [session] enforce-max-sessions-policy = noThis stanza entry is effective only when we have configured the distributed session cache to manage sessions for the environment.[session] dsess-enabled=yes
By default, all systems in the distributed session environment enforce this policy:
[session] enforce-max-sessions-policy = yes
We can modify the enforce-max-sessions-policy stanza entry for specific WebSEAL instances in the same environment to disable enforcement of the max-concurrent-web-sessions policy: [session] enforce-max-sessions-policy = no
Users accessing those WebSEAL servers with enforce-max-sessions-policy = no can have unlimited login sessions.
For information on setting the maximum concurrent sessions policy, see Set the maximum concurrent sessions policy. Maximum concurrent sessions policy is enforced on a per replica set basis.
Example
Use the pdadmin policy set command to globally specify a maximum concurrent session policy of 1:
pdadmin> policy set max-concurrent-web-sessions 1
Parent topic: Maximum concurrent sessions policy