Previous Topic: How Persistent Sessions for User Security Contexts Are Maintained

Next Topic: Windows User Security Context Requirements

How Sessions Are Revalidated

You can explicitly configure the Web Agent, working through the Policy Server, to contact the session server to revalidate a session. A session cookie stored in the user's browser contains the session ID, which the cookie uses to reacquire the user's credentials from the session server.

Note: If the session cookie becomes invalid, the credentials associated with the ID also become invalid and the user must reauthenticate.

The frequency at which the Agent revalidates a session is determined by a configurable value called the validation period. The validation period defines how long the Agent can keep a session active using the information in its cache before contacting the session server for updates.

If the validation period is too small, the Agent goes back to the session server frequently, slowing down SiteMinder performance when processing requests. Therefore, you want to set the validation value to a high number. If the number of active sessions is lower than the Agent's maximum user session cache value, the Agent uses the cached information instead of contacting the session server.

Note: If the session server is not operating, the validation period is infinite and the Agent will not contact the session server.

For instructions on configuring the validation period, see Configure a Realm.


Copyright © 2010 CA. All rights reserved. Email CA about this topic