...
Name | Type | Default | Description |
---|---|---|---|
| string | StorageService | Specifies the type of Session Cache plugin to use. |
cacheAllowance | seconds | 0 | Adds the time specified to a session's application-derived timeout setting to determine the amount of extra time, if any, to leave an expired session in the cache (this is basically "slop" time to make logout more reliable). If timeouts are disabled in a given case, then this setting still applies, so may also act as a lower bound on the practical lifetime of sessions in the cache. If both timeouts and this setting are zeroed, then the lifetime is itself the only bound on the session's expiration from the cache. |
maintainReverseIndex | boolean | true | When false, disables the ability to reverse map from a SAML Name Identifier to the associated session(s). This is required for SAML logout, but is unused otherwise, so can be disabled to improve performance. |
reverseIndexMaxSize | integer | 0 | Limits the number of sessions tracked by the reverse index for a given identifier, or no limit by default. |
excludeReverseIndex | whitespace-delimited list of strings | Supplies a list of Name Identifier values to exclude from the reverse mapping of identifiers to sessions. Useful to maintain logout support, but exclude identifiers used in load testing or monitoring. | |
persistedAttributes | whitespace-delimited list of strings | Enables support for a new feature in V3, a session recovery capability that allows sessions to cross server nodes by saving important data to an encrypted cookie and reconstituting the session as needed. This is described above. | |
| whitespace-delimited list of CIDR masks | This is a modifier that loosens the comparison performed by the session cache when the <Sessions> element's consistentAddress setting is "true". It permits session use if both the bound address in the session and the client's current address both live within a particular network as defined by one of the values in the list. |
Common Child Elements
None