Session Configuration
From Resin 3.0
Session configuration occurs in three contexts:
- In the web-app's <session-config>
- In the <server> cookie configuration
- In the persistent session configuration
The <server> block has a separate cookie configuration because the load-balancers need to detect and parse the session cookie on a server-wide basis to implement sticky sessions.
session-config
| attribute | meaning | default |
|---|---|---|
| always-load-session | For persistent sessions, always query the database for updates | false |
| always-save-session | For persistent sessions, always save the session at the end of a request | false |
| cookie-domain | The host domain for the cookie, e.g. foo.com | none |
| cookie-length | The number of characters in the session cookie | 18 |
| cookie-max-age | How long a cookie should be stored in a browser | none - the browser session |
| cookie-modulo-cluster | Controls the cookie generation for sticky sessions and clustering | false |
| cookie-port | Controls the cookie's required port | none |
| cookie-secure | If true, the browser will only send the cookie on a secure connection | false |
| cookie-version | The specification number of the cookie spec | 0 |
| enable-cookies | If true, generate and use session cookie | true |
| enable-url-rewriting | If true, generate and use URL rewriting | true |
| ignore-serialization-errors | For persistent sessions, skip non-serializable attribute | false |
| invalidate-after-listener | If true, invalidate the session only after the session listeners are called | true |
| reuse-session-id | true| | |
| save-only-on-shutdown | If true, persistent sessions are only saved when the server shuts down gracefully | false |
| session-max | The maximum number of sessions in memory at any time (LRU) | 4096 |
| session-timeout | How long an idle session should live before being timed out (in minutes) | 30 |
| use-persistent-store | If true, enable persistent storage for the session | false |
<server> configuration for sessions
The attributes belong in the <server> block
| Attribute | Meaning | Default |
|---|---|---|
| alternate-session-url-prefix | An alternative URL prefix for sessions | none |
| session-cookie | The cookie to use for sessions | JSESSIONID |
| ssl-session-cookie | The cookie to use for sessions for an SSL port | JSESSIONID |
| session-url-prefix | The URL fragment to use for URL-rewriting | ;jsessionid= |
