How is everyone handling idle time-outs and session time-outs for API calls for a given user?
I think you may be looking for utilizing JSESSIONID in the cookie to manage user sessions passing through the gateway to the back end servers. We normally see customers using this method to track user sessions between multiple application servers. The gateway would simply just pass them through as we do not manage or maintain these sessions.
Director, CA Support
The load may be opening a ton of connections that remain open and are affecting performance. This is the solution to enable pool management and timeout idle sessions:
- add the following to the /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties file: com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion.statePool.enable=true
- modify this cluster-wide property from 0s to 5s io.httpConnectionIdleTimeout
Restart the gateway after making these changes.
Thanks Kemal. I should have been more clear on user session vs connection
But these settings looks interesting as well.
I am more specifically asking around user sessions vs connections.
So we are doing something like that already (with IAM stack) but I am looking to see if we can do this on the Gateway without the need of a backend or IAM for session mgmt. We just want to utilize IAM for pure authentication.
Retrieving data ...