StorageServiceSessionCache
- Rod Widdowson
- Scott Cantor
Overview
Identified by type="StorageService", this session cache implementation stores session data using a previously-defined <StorageService> plugin. It has a hybrid design that also buffers frequently-used sessions inside the web server processes as they come and go, to minimize repeated transfers of data across the process boundary. Memory use can be tuned.
The implementation also divides its storage needs into two classes, which for historical reasons the author doesn't even remember, are termed "light" and "not light". The practical difference is that operations related to making SAML logout work are termed "light" and can be diverted to a separate storage back-end by specifying the StorageServiceLite attribute.
What makes the name confusing at this point is that, in practice, you might use this to actually divert the logout storage operations to a heavier option like a memcache or database service because they have to be visible across a cluster for logout to be useful, whereas the standard session store might just be left local and in-memory. The name essentially refers more to the fact that the logout-related operations will be less frequent.
Reference
Attributes
Attributes specific to this type include:
Name | Type | Default | Description |
|---|---|---|---|
StorageService | XML ID | Reference to the id attribute of a previously defined <StorageService> element. When omitted, the default in-memory storage back-end is used. | |
StorageServiceLite | XML ID | Reference to the id attribute of a previously defined <StorageService> element. This allows a separate storage back-end to be used for a subset of the cache's needs that specifically pertain to logout-related requirements (see further discussion above). When omitted, the StorageService attribute governs all storage cases. | |
cleanupInterval | time in seconds | 900 | Interval in seconds between background cleanup of the in-web-server cache of frequently used sessions. The underlying storage service may have a separate setting in its own right to regulate its own cleanup. |
inprocTimeout | time in seconds | 900 | Period of inactivity after which unused sessions can be deleted from the in-web-server cache. Set to a higher value to increase performance and memory usage, or a lower value to decrease memory usage and performance. This setting only adjusts performance trade-offs and does not cause any sessions to be purged from underlying cache storage. |
cacheAssertions | boolean | false (true for legacy configurations) | Determines whether to store copies of SAML assertion(s) supplied during the creation of the session. Can usually be turned off to save memory and improve performance of cache. |
inboundHeader | string | If set, the cache will look for the session key in the specified HTTP request header in addition to a Cookie header. | |
outboundHeader | string | If set, the cache will return a created session key in the specified HTTP response header in addition to a Set-Cookie header. | |
softRevocation | boolean | true | Determines whether the cookie-based session recovery feature is willing to overlook failed storage operations to see if a session might have been revoked by a logout. |
Example
<SessionCache type="StorageService" StorageService="db" cacheAllowance="3600" inprocTimeout="900" cleanupInterval="900"/>