You can specify additional settings for session management
through setting custom properties.
To specify custom properties for session management, use the following
steps:
- In the administrative console click .
- Under Additional Properties select Custom
Properties.
- On the Custom Properties page, click New.
- On the settings page, enter the property that you want to configure
in the Name field and the value that you want
to set it to in the Value field.
- Click Apply or OK.
- Click Save on the console task bar to save
your configuration changes.
- Restart the server.
- AlwaysEncodeURL
- Use this property to indicate whether URLs are encoded when cookies
are available. The Servlet 2.5 specification specifies to not encode
the URL on a response.encodeURL call if it is not necessary. By default,
URLs are always encoded, even if the browser supports cookies. If
you do not want URLs encoded when cookies are available, set this
property to false.
- CloneSeparatorChange
- Use this property to maintain session affinity. The clone ID of
the server is appended to session identifier separated by colon. On
some Wireless Application Protocol (WAP) devices, a colon is not allowed.
Set this property to "true" to change clone separator to a plus sign
(+).
- HideSessionValues
- Use this property to prevent the logging of session attribute
values in session manager traces. Applications store these session
attribute values. However, you might not want to see these values
in application server traces. The default value is false.
- HttpSessionCloneId
- Use this property to change the clone ID of the cluster member.
Within a cluster, this name must be unique to maintain session affinity.
When set, this name overwrites the default name generated by WebSphere
Application Server.
Default clone ID length: 8
or 9
Default clone ID length: 40
Best practice: You can set
this property as a session management custom property, which is the
preferred level at which to specify this property.
bprac
- HttpSessionIdLength
- Use this property to configure the session identifier length.
Do not use an extremely low value; using a low value results in reduced
number of combinations possible, thereby increasing risk of guessing
the session identifier. In a cluster, all cluster members should be
configured with same ID length. Allowed range: 8 to 128. Default length:
23.
- HttpSessionReaperPollInterval
- Use this property to set a wake-up interval for the process that
removes invalid sessions. Setting this property overrides the default
installation value, which is between 30 and 360 seconds. If the maximum
inactive interval is less than 2 minutes, the reaper poll interval
may be as short as 30 seconds. If the maximum inactive interval is
more than 15 minutes, the reaper poll interval can be as long as 6
minutes. Because the default timeout and maximum inactive interval
is 30 minutes, the reaper interval is usually between 5 and 6 minutes.
Set this property if you want to ensure that the reaper process runs
at a specific interval. Use this property when you want the installation
timed out sessions invalidated more frequently than 5 to 6 minutes.
For example, setting HttpSessionReaperPollInterval=120 ensures that
sessions are invalidated within 2 minutes of timing out. The minimum
value for this property is 30 seconds. If a value less than the minimum
is entered, the specified property is ignored and an appropriate value
is automatically determined and used. The maximum inactive interval
is the session timeout. The default is based on maximum inactive interval
set in session management.
Data type |
Integer |
Units |
Seconds |
- NoAdditionalSessionInfo
- Set this value to "true" to force removal of information that
is not needed in session identifiers.
- NoAffinitySwitchBack
- Set this property to "true" to maintain affinity to the new member
even after original one comes back up. When a cluster member fails,
its requests routed to a different cluster member, and sessions are
activated in that other member. Thus, session affinity is maintained
to the new member, and when failed cluster member comes back up, the
requests for sessions that were created in the original cluster member
are routed back to it. Allowed values, true or false. Default: false.
Set
this property to "true" when you have distributed sessions configured
with time-based write. Note that this property has no affect on the
behavior when distributed sessions is not enabled.
-
OptimizeCacheIdIncrements ![[Updated in July 2010]](../../deltaend.gif)
jul2010
-
Set the OptimizeCacheIdIncrements custom property to true
to make the session manager assess whether the in-memory session for
a web module is older than the copy in persistent store. Setting this
property resolves the continually increasing cache ID.If HTTP session
management is configured to use session persistence and the user's
browser session is moving back and forth across multiple web applications
you might see extra persistent store activity as the in-memory sessions
for a web module are refreshed from the persistent store. As a result,
the cache IDs are continually increasing and the in-memory session
attributes are overwritten by those of the persistent copy.
If
the configuration is a cluster, ensure that the system times of each
cluster member is identical as possible.
Avoid trouble: You must have Fix
Pack 6.1.0.13 or higher installed on your system before you can use
this custom property.
gotcha
![[Updated in July 2010]](../../deltaend.gif)
jul2010
- SessionIdentifierMaxLength
- Use this value to set maximum length that a session identifier
can grow. In
a cluster, because of fail-over when a request goes to new cluster
member, session management appends a new clone ID to the existing
clone ID. In a large cluster, if for some reason servers are failing
more often, then it is possible that the session identifier length
can be more than expected reducing room for URL. This property
helps to find out the condition and take appropriate action to address
servers fail-over. When this is specified, message is logged when
specified maximum length is reached. Allowed value: integer.
- SessionRewriteIdentifier
- Use this property to change the key used with URL rewriting. Default
key: jsessionid.