SessionManager
Configuration for session support in the Web container. When configuring the Session Manager, you can specify:
- Whether to enable sessions
- How to convey session IDs to servlets (cookies or URL rewriting)
- AE: Whether to save session data in a database during execution (persistent sessions)
- Whether to add session IDs to URLs in transition from HTTP to HTTPS and back (protocol switch rewriting).
Inherits from type Service and adds the following.
Attributes Summary
enableUrlRewriting Specifies whether the Session Manager uses rewritten URLs to carry the session IDs. enableCookies Whether session tracking will use cookies to carry session IDs. enableSSLTracking Whether session tracking uses SSL to carry session IDs. enableProtocolSwitchRewriting Whether the session ID is added to a URL when the URL requires a switch from HTTP to HTTPS or from HTTPS to HTTP. sessionPersistenceMode When enabled, the session manager will persist session information into the datasource specified by the datasourceConnection settings. enableSecurityIntegration When security integration is enabled, the Session Manager will associate the identity of users with their HTTP sessions. allowSerializedSessionAccess By default, access to session is concurrent. maxWaitTime When allow serialized session access is enabled, this value specifies the maximum amount of time (in milliseconds) that a request thread which is waiting to access the session will be blocked. accessSessionOnTimeout When allow serialized session access is enabled, this option specifies what happens if max wait time has been reached for a request thread. defaultCookieSettings Session tracking through HTTP cookies is the most used session tracking mechanism and is required to be supported by all servlet containers. sessionDatabasePersistence Specifies information about the data source that the session manager will use to obtain database connections. tuningParams Tuning parameters for session management. sessionDRSPersistence
Attribute Details
enableUrlRewriting
Specifies whether the Session Manager uses rewritten URLs to carry the session IDs. If URL rewriting is enabled, the Session Manager recognizes session IDs that arrive in the URL and, if necessary, rewrites the URL to send the session IDs.
Data type: Boolean
Default value: false
enableCookies
Whether session tracking will use cookies to carry session IDs. If cookies are enabled, session tracking will recognize session IDs that arrive as cookies and try to use cookies for sending session IDs. If cookies are not enabled, session tracking will use URL rewriting instead of cookies (if URL rewriting is enabled). Enabling cookies takes precedence over URL rewriting.
Data type: Boolean
Default value: true
enableSSLTracking
Whether session tracking uses SSL to carry session IDs. Enabling SSL tracking takes precedence over cookie-based session tracking.
Data type: Boolean
Default value: false
enableProtocolSwitchRewriting
Whether the session ID is added to a URL when the URL requires a switch from HTTP to HTTPS or from HTTPS to HTTP. If rewriting is enabled, the session ID is required in order to go between HTTP and HTTPS.
Data type: Boolean
Default value: false
sessionPersistenceMode
When enabled, the session manager will persist session information into the datasource specified by the datasourceConnection settings. Specifies whether to save session data in a database, or discard the session data when the server shuts down. True - The session data is stored in a database False - The session data is kept in memory for a single instance of the servlet engine For changes to take effect, this property requires stopping and restarting the appserver with which the session manager is associated.
Data type: SessionPersistenceKind
Default value: unspecified
Allowed Values: NONE DATABASE DATA_REPLICATION
enableSecurityIntegration
When security integration is enabled, the Session Manager will associate the identity of users with their HTTP sessions.
Data type: Boolean
Default value: false
allowSerializedSessionAccess
By default, access to session is concurrent. When true, this option forces all session access by an application to be serialized, so that the web container can manage conconcurrency control to session data; rather than forcing customers to code access control logic in their applications.
Data type: Boolean
Default value: false
maxWaitTime
When allow serialized session access is enabled, this value specifies the maximum amount of time (in milliseconds) that a request thread which is waiting to access the session will be blocked.
Data type: Integer
Default value: 0
accessSessionOnTimeout
When allow serialized session access is enabled, this option specifies what happens if max wait time has been reached for a request thread. If true, the thread is allowed to access the session; if false, an exception is thrown to the web application.
Data type: Boolean
Default value: true
defaultCookieSettings
Session tracking through HTTP cookies is the most used session tracking mechanism and is required to be supported by all servlet containers. The container sends a cookie to the client. The client will then return the cookie on each subsequent request to the server unambiguously associating the request with a session. The name of the session tracking cookie must be JSESSIONID.
Data type: Cookie
sessionDatabasePersistence
Specifies information about the data source that the session manager will use to obtain database connections.
Data type: SessionDatabasePersistence
tuningParams
Tuning parameters for session management.
Data type: TuningParams
sessionDRSPersistence
Data type: DRSSettings