Layer7 API Management

How is everyone handling idle time-outs and session time-outs for API calls for a given user?

Hi Justus, 

The load may be opening a ton of connections that remain open and are affecting performance. This is the solution to enable pool management and timeout idle sessions:

- add the following to the /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties file:
com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion.statePool.enable=true

- modify this cluster-wide property from 0s to 5s
io.httpConnectionIdleTimeout

Restart the gateway after making these changes.

Thanks 

Kemal 

Thanks Kemal. I should have been more clear on user session vs connection 

But these settings looks interesting as well.

I am more specifically asking around user sessions vs connections.

Justus,

I think you may be looking for utilizing JSESSIONID in the cookie to manage user sessions passing through the gateway to the back end servers. We normally see customers using this method to track user sessions between multiple application servers. The gateway would simply just pass them through as we do not manage or maintain these sessions.

Sincerely,

Stephen Hughes

Director, CA Support

Stephen,

So we are doing something like that already (with IAM stack) but I am looking to see if we can do this on the Gateway without the need of a backend or IAM for session mgmt. We just want to utilize IAM for pure authentication.

Thanks,

Justus