Session Configuration
From Resin 3.0
Session configuration occurs in three contexts:
- In the web-app's <session-config>
- In the <server> cookie configuration
- In the persistent session configuration
The <server> block has a separate cookie configuration because the load-balancers need to detect and parse the session cookie on a server-wide basis to implement sticky sessions.
session-config
attribute | meaning | default |
---|---|---|
always-load-session | For persistent sessions, always query the database for updates | false |
always-save-session | For persistent sessions, always save the session at the end of a request | false |
cookie-domain | The host domain for the cookie, e.g. foo.com | none |
cookie-length | The number of characters in the session cookie | 18 |
cookie-max-age | How long a cookie should be stored in a browser | none - the browser session |
cookie-modulo-cluster | Controls the cookie generation for sticky sessions and clustering | false |
cookie-port | Controls the cookie's required port | none |
cookie-secure | If true, the browser will only send the cookie on a secure connection | false |
cookie-version | The specification number of the cookie spec | 0 |
enable-cookies | If true, generate and use session cookie | true |
enable-url-rewriting | If true, generate and use URL rewriting | true |
ignore-serialization-errors | For persistent sessions, skip non-serializable attribute | false |
invalidate-after-listener | If true, invalidate the session only after the session listeners are called | true |
reuse-session-id | true| | |
save-only-on-shutdown | If true, persistent sessions are only saved when the server shuts down gracefully | false |
session-max | The maximum number of sessions in memory at any time (LRU) | 4096 |
session-timeout | How long an idle session should live before being timed out (in minutes) | 30 |
use-persistent-store | If true, enable persistent storage for the session | false |
<server> configuration for sessions
The attributes belong in the <server> block
Attribute | Meaning | Default |
---|---|---|
alternate-session-url-prefix | An alternative URL prefix for sessions | none |
session-cookie | The cookie to use for sessions | JSESSIONID |
ssl-session-cookie | The cookie to use for sessions for an SSL port | JSESSIONID |
session-url-prefix | The URL fragment to use for URL-rewriting | ;jsessionid= |