With this 11gR2 PS2 release of Oracle Access Management, Access Manager sessions can be managed from either the server side or the client side.
The Server-side and client-side Session Management options are described as follows:
Server-side session management (also referred to as Coherence-based session management) is the default session management option developed for Access Manager. It allows for advanced session management across nodes via Coherence-based caching. Offering reliable performance and advanced features (including impersonation, session sniping, identity context propagation and the like), server side session management is recommended for most deployments - especially internal ones where rich session management features are desired.
See the following topics for more details:
Client-side session management (also referred to as cookie-based session management) manages sessions using browser cookies; it is essentially stateless. Client side session management offers higher performance with a lightweight footprint when compared to the Coherence-based option. It stores session details in the browser cookie with no information saved on the server-side and is most appropriate for very large deployments where advanced server-side session management features are not needed.
See "Understanding Client-Side Session Management".
Note:
Cookie-based sessions can be accessed only from a browser request context and not directly from the server.
Follow the instructions in the following topics on how to configure the session management option: See "Using WLST To Configure Session Management".