SessionGracePeriod exceptions

Document ID : KB000122954
Last Modified Date : 13/12/2018
Show Technical Document Details
Introduction:

Web pages usually consist of many resources, all of which are potentially protected by the Web Agent. For each resource associated with a single request, a session (SMSESSION) cookie is generated by default. When the Agent generates multiple session cookies for a single user request, this action causes overhead. To eliminate the overhead, set the following parameter:

SessionGracePeriod

Specifies the number of seconds the agent waits from the last accessed time of the received session cookie before it generates a new session cookie. Set the SessionGracePeriod to 0 to disable the setting. If the setting is disabled, the agent updates session cookies for every request instead of skipping updates.


There are times in which the session cookie will still be updated within the Session Grace Period calculation. Specifically any time the Web Agent has to make a request to the Policy Server. 
Instructions:
Scenario 1 

When the user successfully authenticates, the Web Agent's User Session cache is updated. This cache reduces the number of Login/Authorized/Validate calls made by the Web Agent to the Policy Server. 

If the session cache entry is gone, from exceeding the max size, age or a cache flush, then the Web Agent will make a Validate call to the Policy Server leading to the session cookie being updated. The session cookie value is updated because the current server time, idle timeout, max timeout etc is updated. 


Scenario 2 

User successfully authenticates to Web Agent A. User session cache is updated on Web Agent A.
Next, while still within the Session Grace Period, the user goes to a resource on Web Agent B. Web Agent B has no user session cache entry for the user and therefore must make a call to the Policy Server to Validate this session. This again leads to the session cookie being updated. The session cookie value is updated because the current server time, idle timeout, max timeout etc is updated.