WebSphere Application Server V8.5 Administration and Configuration Guide for the Full Profile
For more information about session security, refer to the following website:
http://fred.rtp.raleigh.ibm.com:8680/help/index.jsp?topic=/com.ibm.websphere.nd.doc/ae/rprs_secg.html
28.2 Session management configuration
There are three levels of session management configuration:
- Web container (the default level): Configuration at this level is applied to all web modules within the server.
- Application: Configuration at this level is applied to all web modules within the application.
- Web module: Configuration at this level is applied only to that specific web module.
When you configure session management at the web container level, all applications and the
respective web modules in the web container normally inherit that configuration. However,
you can set up different configurations individually for specific applications and web modules
that vary from the web container default.
28.2.1 Session management properties
With the exception of the Overwrite session management parameter, the session
management properties are the same at each configuration level. The following list describes
the parameters available:
- Overwrite session management determines whether these session management settings are used for the current module or inherited from the parent object. Only the application level and the web module level have this parameter.
- Session tracking mechanism lets you select from cookies, URL rewriting, and SSL ID tracking. Selecting cookies leads you to a second configuration page that contains further configuration options.
- Maximum in-memory session count specifies the maximum number of sessions to keep in memory. The default value is 1000 sessions:
  - For local sessions, this value specifies the number of sessions in the base session table.
  - For persistent sessions, this value specifies how many sessions are cached before manual updates or before the session manager reverts to reading a session from the persistent storage automatically.
- Allow overflow specifies whether to allow the number of sessions in memory to exceed the value specified in the maximum in-memory session count field.
  For local sessions, use the Allow overflow option to manage session storage. Sessions can either be limited to the primary cache table of the session manager, or additional sessions can be allowed to be stored in secondary extended tables.

  Important: Allowing an unlimited number of sessions can potentially exhaust system memory and even allow for system sabotage. For best performance, define a primary cache of sufficient size to hold the normal working set of sessions for a given application server.
- Session timeout specifies the amount of time to allow a session to remain idle before invalidation. The default value is 30 minutes. This setting is important for performance
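
The inheritance rule and the Allow overflow risk described above can be checked together. The following is an added example, not code from the guide or from WebSphere: it models the three configuration levels with hypothetical field names and a constructed topology, resolves which level's settings actually apply to each application and web module, and lists those whose in-memory session count is effectively unbounded.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of the three levels; field names are illustrative,
# not WebSphere attribute names.
@dataclass
class Settings:
    max_in_memory: int      # "Maximum in-memory session count"
    allow_overflow: bool    # "Allow overflow"
    timeout_minutes: int    # "Session timeout"

@dataclass
class Level:
    name: str
    settings: Settings
    overwrite: bool = False            # "Overwrite session management"
    parent: Optional["Level"] = None   # None for the web container

def effective_source(level: Level) -> Level:
    """Return the level whose settings actually apply to `level`."""
    node = level
    while node.parent is not None and not node.overwrite:
        node = node.parent             # inherit from the parent object
    return node

def audit_overflow(levels):
    """List (level, source level, cap) where the session count is unbounded."""
    findings = []
    for lvl in levels:
        src = effective_source(lvl)
        if src.settings.allow_overflow:
            findings.append((lvl.name, src.name, src.settings.max_in_memory))
    return findings

# Constructed sample topology.
container = Level("web container", Settings(1000, False, 30))
shop = Level("app:shop", Settings(1000, True, 30), overwrite=False, parent=container)
shop_admin = Level("module:shop-admin.war", Settings(200, True, 15), overwrite=True, parent=shop)
reports = Level("app:reports", Settings(5000, True, 60), overwrite=True, parent=container)
reports_ui = Level("module:reports-ui.war", Settings(1000, False, 30), overwrite=False, parent=reports)
LEVELS = [container, shop, shop_admin, reports, reports_ui]

if __name__ == "__main__":
    for name, src, cap in audit_overflow(LEVELS):
        print(f"{name}: overflow allowed (settings from {src}, cap {cap} not enforced)")
```

In the sample, `app:shop` has overflow stored but not overwritten, so it inherits the web container's bounded setting, while `module:reports-ui.war` looks bounded on its own but inherits the unbounded setting from `app:reports`.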
