Page Comparison

type

string

StorageService

Specifies the type of Session Cache plugin to use.

cacheAllowance 

seconds

0

Adds the time specified to a session's application-derived timeout setting to determine the amount of extra time, if any, to leave an expired session in the cache (this is basically "slop" time to make logout more reliable).

If timeouts are disabled in a given case, then this setting still applies, so may also act as a lower bound on the practical lifetime of sessions in the cache. If both timeouts and this setting are zeroed, then the lifetime is itself the only bound on the session's expiration from the cache.

maintainReverseIndex 

boolean

true

When false, disables the ability to reverse map from a SAML Name Identifier to the associated session(s). This is required for SAML logout, but is unused otherwise, so can be disabled to improve performance.

reverseIndexMaxSize

integer

0

Limits the number of sessions tracked by the reverse index for a given identifier, or no limit by default.

excludeReverseIndex 

whitespace-delimited list of strings

Supplies a list of Name Identifier values to exclude from the reverse mapping of identifiers to sessions. Useful to maintain logout support, but exclude identifiers used in load testing or monitoring.

persistedAttributes

whitespace-delimited list of strings

Enables support for a new feature in V3, a session recovery capability that allows sessions to cross server nodes by saving important data to an encrypted cookie and reconstituting the session as needed. This is described above.

unreliableNetworks 3unreliableNetworks ^3.1

whitespace-delimited list of CIDR masks

This is a modifier that loosens the comparison performed by the session cache when the <Sessions> element's consistentAddress setting is "true". It permits session use if both the bound address in the session and the client's current address both live within a particular network as defined by one of the values in the list.