Previous Topic: Implement the Rewritable Interface

Next Topic: Session Storage API

Use an IP Address Session Scheme

The default SPS installation includes an IP address session scheme. This scheme maps a session using the IP address of the client. When a user makes a request, the SPS retrieves the client’s IP address from the HTTP headers and uses this to generate the session key for the client’s session.

The IP address session scheme was created using the session scheme API. The source code for this scheme can be found in the directory sps_home\secure-proxy\proxy-engine\examples\sessionschemes.

Note: In the sample session scheme file, a backslash (\) character indicates that the line should continue, but must be interrupted due to space constraints in this document.

To implement an IP address session scheme

  1. Add a <SessionScheme> section to your server.conf file like the following:
    <SessionScheme name="ip_address">
    
    class="com.netegrity.proxy.session.IPAddrSessionScheme"
    accepts_smsession_cookies="false"
    allowed_proxied_addresses="true"
    
    </SessionScheme>
    

    The directives are:

    class

    This directive specifies the Java class that handles IP address session schemes. This value should not be modified if you want to use the default IP address session scheme installed with the SPS.

    Default: com.netegrity.proxy.session.IPAddrSessionScheme

    accepts_smsession_cookies

    Indicates that SiteMinder smsession cookies are not supported by this session scheme. To ensure a cookieless session using the IP address scheme, the value of this directive should not be changed.

    Default: false

    allowed_proxied_addresses

    Indicates whether or not requests will be validated using the SessionScheme.isValidRequest call. Set the value to true to allow the use of proxied addresses. Accept the default, false to use the isValidRequest method for determining if the VIA HTTP header variable is present. If this variable is present, the SPS determines that the address is proxied and blocks the request.

    Default: true

  2. Map the session scheme to one or more user agents for a virtual host in the server.conf file.
  3. Restart the SPS.