Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.
The LDAP HTTP Session Manager supports session clustering by persisting sessions to a remote directory service over LDAP. Session clustering should be used to support session failover between Identity Broker instances as well as environments that have a large amount of users and sessions. This feature is experimental and should not be used unless instructed to do so by UnboundID support.
Each Identity Broker instance that received the HTTP request caches sessions locally while writing any changes to the session through to the cluster upon completion of request processing. Any web application and HTTP servlet extensions must only store Serializable objects in the session and must call the Session.setAttribute() methods to ensure changes are persisted.
This session clustering mechanism should be used with a HTTP load balancer that supports stickiness. For load balancers that examine the session ID, the LDAP HTTP Session Manager appends the Identity Broker instance ID to the session ID, which may be used for routing.
↓Parent Component
↓Relations To this Component
↓Properties
↓dsconfig Usage
The LDAP HTTP Session Manager component inherits from the HTTP Session Manager
The following components have a direct aggregation relation from LDAP HTTP Session Manager:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ session-tracking-mode | |
| ↓ session-idle-time-limit | |
| ↓ session-flush-interval | |
| ↓ scavenge-interval | |
| ↓ load-balancing-algorithm | |
| ↓ base-dn |
| Description | A description for this HTTP Session Manager |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the mechanism used to track HTTP sessions between subsequent requests. Use of cookies is the most common and simplest way to track HTTP sessions. In such a case the server will send a cookie with the session ID to the client so that the session will be recognized in subsequent requests. However, some clients may not support cookies and end users may disable their use in browsers. In such cases URL rewriting can be used as a workaround which will include the session ID as a query parameter in the request URL. Not only will the session ID be visible to end users, all web application and HTTP servlet extensions must include the session ID when generating URLs. The additional security risk and possible extra programming necessary should be considered when deciding whether to support URL rewriting. |
| Default Value | cookie url |
| Allowed Values | cookie - Sessions will be tracked using HTTP cookies. url - Sessions will be tracked using URL rewriting. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the maximum length of time that a session may be idle before it expires and is invalidated. A duration of zero hours indicates that sessions will never expire. |
| Default Value | 24h |
| Allowed Values | A duration. Lower limit is 0 seconds. Upper limit is 2147483647 seconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the interval at which session access times are periodically flushed to the remote directory service and locally cached sessions are reloaded from the remote directory service. This prevents the directory service from being overloaded when a session is accessed very frequently without any changes to the attributes. However if the session attributes are updated, then the session is persisted immediately. |
| Default Value | 60s |
| Allowed Values | A duration. Lower limit is 1 seconds. Upper limit is 2147483647 seconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the interval at which checks for expired sessions in the remote directory service are performed. Specifies the recurring period that the scavenging task evaluates the state of a session periodically in the background. |
| Default Value | 10m |
| Allowed Values | A duration. Lower limit is 0 seconds. Upper limit is 2147483647 seconds. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the default load-balancing algorithm that will be used to select the backend server for persisting sessions using this LDAP HTTP Session Manager. |
| Default Value | None |
| Allowed Values | The DN of any Load Balancing Algorithm. Load-balancing algorithms associated with LDAP HTTP Session Manager must be enabled. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | The LDAP HTTP Session Manager must be disabled and re-enabled for changes to this setting to take effect. Any HTTP connection handlers must be restarted before changes will take effect. |
| Description | Specifies the base DN where session entries will be managed. |
| Default Value | None |
| Allowed Values | A valid DN. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured HTTP Session Manager:
dsconfig list-http-session-manager
[--property {propertyName}] ...
To view the configuration for an existing HTTP Session Manager:
dsconfig get-http-session-manager-prop
--manager-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing HTTP Session Manager:
dsconfig set-http-session-manager-prop
--manager-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new LDAP HTTP Session Manager:
dsconfig create-http-session-manager
--manager-name {name}
--set load-balancing-algorithm:{propertyValue}
--set base-dn:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing HTTP Session Manager:
dsconfig delete-http-session-manager
--manager-name {name}