Session management custom properties

You can specify additional settings for session management through setting custom properties.

Session management properties, like the session management configuration, can be configured at the server, application, or Web module level. The following steps are for setting the custom properties for session management at the server level.
  1. In the administrative console click Servers > Server Types > WebSphere application servers > server_name > Session management.
  2. Under Additional Properties select Custom Properties.
  3. On the Custom Properties page, click New.
  4. On the settings page, enter the property that you want to configure in the Name field and the value that you want to set it to in the Value field.
  5. Click Apply or OK.
  6. Click Save on the console task bar to save your configuration changes.
  7. Restart the server.
You can use the custom properties page to define the following session management properties:

AlwaysEncodeURL

The Servlet 2.5 specification specifies to not encode the URL on a response.encodeURL call if it is not necessary. To support backward compatibility when URL encoding is enabled, set the AlwaysEncodeURL custom property to true to call the encodeURL method. The URL is always encoded, even if the browser supports cookies. Set this property to true to encode all URLs. The property must be configured at the web container level.

checkSessionNewOnIsValidRequest

Use this property to specify whether the server can handle multiple simultaneous client requests when HttpSessionIdReuse is enabled.

By default, the session manager handles one client request at a time when property HttpSessionIdReuse is also enabled. Set checkSessionNewOnIsValidRequest to false to allow the session manager to handle multiple simultaneous requests from a client when HttpSessionIdReuse is enabled. If HttpSessionIdReuse is not enabled, this property has no effect.

You must restart the server for the configuration change to take effect.

The default value for this property is true.

CloneSeparator

Use this property to specify a different character as the clone separator in session cookies. The value specified for this custom property must be a single character.

This property was set as a Web container custom property in version 6.1 but must now be set as a session management custom property.

Best practice Best practice: This property should only be used as a means to provide more flexibility if you have a situation where you cannot use either a colon (:), or a plus sign (+) as the clone separator in session cookies. You should understand the clone character requirements of other products running on your system before using this property to change the clone separator character.

The fact that any character can be specified as the value for this custom property does not imply that the character you specify will function correctly. This fact also does not imply that IBM is responsible for fixing any problem that might arise from using an alternative character.

Avoid trouble Avoid trouble: If the JVM you are configuring is part of a cluster, make sure to configure other cluster members with this property and using the same value in order for the plugin to maintain affinity. Plugin regeneration and propagation are required after configuration.gotcha
bprac

CloneSeparatorChange

Use this property to maintain session affinity. The clone ID of the server is appended to session identifier separated by colon. On some Wireless Application Protocol (WAP) devices, a colon is not allowed. Set this property to "true" to change clone separator to a plus sign (+).

Avoid trouble Avoid trouble: If the JVM you are configuring is part of a cluster, make sure to configure other cluster members with this property and using the same value in order for the plugin to maintain affinity. Plugin regeneration and propagation are required after configuration.gotcha

DebugSessionCrossover

The DebugSessionCrossover custom property enables code to perform additional checks to verify that only the session associated with the request is accessed or referenced. Messages are logged if any discrepancies are detected.

To enable session data crossover detection, set this property to true.

See article, HTTP session problems, for additional information.

DelayAfterDuplicateIdException

The DelayAfterDuplicateIdException custom property is used to specify how long, in milliseconds, the session manager should wait before attempting to retrieve a session from the backend server after a SESN0196W error occurs.

The default value for this property is 500.

DelayInvalidationAlarmDuringServerStartup

Use this property to delay the startup of the invalidation alarm upon server startup by the specified number of seconds.

The default value for this property is 0.

ForceSessionInvalidationMultiple

The ForceSessionInvalidationMultiple custom property indicates whether the session manager should wait indefinitely for a request to complete before attempting to invalidate the session, or should attempt to invalidate a session after the specified time limit has elapsed. The default value for this property is 3.

HideSessionValues

The HideSessionValues custom property prevents the logging of session attribute values in session manager traces.

Applications store these session attribute values. However, you might not want to see these values in application server traces. If you do not want to see these values in application server traces, set this property to true

For transitioning users For transitioning users: The default value for this custom property changed from false in the previous release to true in this release.trns

HttpSessionCloneId

Use this property to change the clone ID of the cluster member. Within a cluster, this name must be unique to maintain session affinity. When set, this ID overwrites the default name generated by WebSphere® Application Server.

Default clone ID length: 8 or 9

Default clone ID length: 40

If you want to merge plugin-cfg.xml files manually from multiple nodes, see the related topic.

Avoid trouble Avoid trouble: If you are not running on Version 7.0.0.9 or higher of the product, you must specify the HttpSessionCloneId property as a Web container custom property instead of as a session management custom property. For more information, read about Web container custom properties.gotcha
Best practice Best practice: You can set this property as a session management custom property, which is the preferred level at which to specify this property.bprac
Avoid trouble Avoid trouble: If the JVM you are configuring is part of cluster, make sure to configure other cluster members for this property but with different unique values. All cluster members should have this property set to different unique values.gotcha

HttpSessionEnableUnmanagedServerReplication

Use this custom property to enable servant failover by replicating session data to a controller managed data space. The default is false.

HttpSessionIdLength

Use this property to configure the session identifier length. Do not use an extremely low value; using a low value results in reduced number of combinations possible, thereby increasing risk of guessing the session identifier. In a cluster, all cluster members should be configured with same ID length. Allowed range: 8 to 128. Default length: 23.

HttpSessionIdReuse

The custom property HttpSessionIdReuse determines whether the session manager can use the session ID sent from a browser to preserve session data across Web applications that are running in an environment that is not configured for session persistence.

In a multi-JVM environment that is not configured for session persistence setting this property to true enables the session manager to use the same session information for all of a user's requests even if the Web applications that are handling these requests are governed by different JVMs. The default value for this property is false. To enable the session manager to use the session ID sent from a browser to preserve session data across Web applications that are running in an environment that is not configured for session persistence, set this property to true.

In a z/OS system that includes multiple servants, on rare occasions two requests come in at approximately the same time, and are routed to two separate servants. However, because the two requests come in at approximately the same time, they both request a new session with the same session ID. If the HttpSessionIdReuse property is set to true when this situation occurs, the following error message is logged for one of the servants, and the servant where the message is logged does not get a session:
ExtendedMessage: BBOO0220E: SessionContext:createSession - call to
establishAffinity for id id_number failed with rc 4

HttpSessionReaperPollInterval

Use this property to specify, in seconds, a wake-up interval for the process that removes invalid sessions. The value specified for this property overrides the default installation value, which is between 30 and 360 seconds, and ensures that the reaper process runs at a specific interval.

If the maximum inactive interval is less than 2 minutes, the reaper poll interval [Updated in November 2012] is usually between 30 to 60 seconds [Updated in November 2012]

nov2012
.

[Updated in November 2012] If the maximum inactive interval is more than 2 minutes and up to 15 minutes, the reaper poll interval is usually between 60 to 90 seconds. [Updated in November 2012]

nov2012

If the maximum inactive interval is more than 15 minutes [Updated in November 2012] and up to 30 minutes [Updated in November 2012]

nov2012
, the reaper poll interval [Updated in November 2012] is usually between 120 to 180 seconds [Updated in November 2012]
nov2012
.

[Updated in November 2012] If the maximum inactive interval is more than 30 minutes, the reaper poll interval is usually between 240 to 300 seconds. [Updated in November 2012]

nov2012

Because the default timeout and maximum inactive interval is 30 minutes, the reaper interval is usually between [Updated in February 2013] 2 to 3 minutes [Updated in February 2013]

feb2013
.

For example, you might want to use this property if you want the installation timed out sessions invalidated more frequently than [Updated in November 2012] 4 to 5 minutes [Updated in November 2012]

nov2012
. Specifying HttpSessionReaperPollInterval=120 ensures that sessions are invalidated within 2 minutes of timing out.

The minimum value for this property is 30 seconds. If a value less than the minimum is entered, the specified property is ignored and an appropriate value is automatically determined and used. The maximum inactive interval is the session timeout. The default is based on maximum inactive interval set in session management.

NoAdditionalSessionInfo

Set this value to true to force removal of information that is not needed in session identifiers.

NoAffinitySwitchBack

Set this property to "true" to maintain affinity to the new member even after original one comes back up. When a cluster member fails, its requests routed to a different cluster member, and sessions are activated in that other member. Thus, session affinity is maintained to the new member, and when failed cluster member comes back up, the requests for sessions that were created in the original cluster member are routed back to it. Allowed values are true or false, with the default being false.

Set this property to true when you have distributed sessions configured with time-based write. Note that this property has no affect on the behavior when distributed sessions is not enabled.

OptimizeCacheIdIncrements

Set the OptimizeCacheIdIncrements custom property to true to make the session manager assess whether the in-memory session for each web module is older than the copy in persistent store. Setting this property resolves the continually increasing cache ID.

If HTTP session management is configured to use session persistence and the user's browser session is moving back and forth across multiple Web applications you might see extra persistent store activity as the in-memory sessions for a web module are refreshed from the persistent store. As a result, the cache IDs are continually increasing and the in-memory session attributes are overwritten by those of the persistent copy. Set this property to true to prevent the cache IDs from continually increasing,.

If the configuration is a cluster, ensure that the system times of each cluster member is identical as possible.

SecurityUserIgnoreCase

Set this custom property to true if you want the session security identity and the client security identity to be considered a match even if their cases are different.

When a user configures session security integration, the session manager compares the security identity of th session owner with the security identity of the client request. Because the matching criteria is case sensitive, if these two identities do not exactly match, an UnauthorizedSessionRequestException is sent back to the client.

If you have situations where you want the session security identity and the client security identity to be considered a match even if their cases are different, add the SecurityUserIgnoreCase custom property to your Web container configuration settings, and set the property to true. When this property is set to true, an UnauthorizedSessionRequestException does not occur if the session security identity and the client security identity are identical except for their cases. For example, when this property is set to true, the session security identity USER1 matches the client security identities User1 and user1.

Servlet21SessionCompatibility

Set this custom property to true to enable global session behavior. In Servlet 2.2 and later, sessions are scoped at the Web module level. The default is false.

Deprecated feature Deprecated feature: This property is deprecated. The IBMApplicationSession method replaces the function of the Servlet21SessionCompatibility custom property.depfeat

SessionIdentifierMaxLength

Use this value to set maximum length that a session identifier can grow.

In a cluster, because of fail-over when a request goes to new cluster member, session management appends a new clone ID to the existing clone ID. In a large cluster, if for some reason servers are failing more often, then it is possible that the session identifier length can be more than expected reducing room for URL. This property helps to find out the condition and take appropriate action to address servers fail-over. When this is specified, message is logged when specified maximum length is reached. Allowed value: integer.

SessionRewriteIdentifier

Use this property to change the key used with URL rewriting. Default key: jsessionid.

SessionTableSkipIndexCreation

Use this property to disable index creation on server startup.

This custom property should only be used if you want to manually create your own database indices for session persistence. However, it is recommended that you let session manager create database indices.

To enable this property, go to the session management custom properties administrative console page, enter the SessionTableSkipIndexCreation property name and set its value to true. Before enabling this property, make sure that the correct index does exist on your session database.

SessionTableName

Use this custom property to set the database table name. Allowed value: String. The default value is SESSIONS.

Some applications may rely on method ejbCreate(...) to have created the entity bean in the database. For such a requirement, setting the JVM property com.ibm.websphere.ejbcontainer.allowEarlyInsert to true overrides the default behavior.

UseInvalidatedId

Set this custom property to true to reuse the incoming ID if the session with that ID was recently invalidated. This is a performance optimization because it prevents checking the persistent store. The default value is true.

UseOracleBLOB

The UseOracleBLOB custom property creates the HTTP session database table using the Binary Large Object (BLOB) data type for the medium column. This property increases performance of persistent sessions when Oracle databases are used. Due to an Oracle restriction, BLOB support requires use of the Oracle Call Interface (OCI) database driver for more than 4000 bytes of data. You must also ensure that a new sessions table is created before the server is restarted by dropping your old sessions table or by changing the datasource definition to reference a database that does not contain a sessions table.

Set this property to true to create a sessions table using the BLOB data type.

UsingApplicationSessionsAndInvalidateAll

When the invalidateAllSet method is called, not all IBMApplicationSessions objects are checked. If you are using both the IBMApplicationSessions object and the invalidateAll call, set this property to true.

UsingCustomSchemaName

Use this property to ensure that the session manager successfully detects the sessions table on subsequent server startups.

Set this custom property to true if you are using DB2 for sessions persistence and the customSchema property is not set to the default value in the DB2 JDBC driver.

The default value is false.




Related tasks
Configuring session management by level
Configuring a unique HTTP session clone ID for each application server using scripting
Configuring session tracking
Related reference
Web container custom properties
Related information
Merging plugin-cfg.xml files from multiple nodes
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Feb 5, 2014 9:49:51 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-mp&topic=rprs_custom_properties
File name: rprs_custom_properties.html