Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 5.0

Providing Personalization With Session Attributes

Web agents in Policy Agent 2.2 support a feature where a user's session attributes are fetched and set as headers or cookies. The following property responsible for this task:

This property can be set to one of the following values:

When set to NONE, no session attributes are fetched and the property is ignored. With this property set to either HTTP_HEADER or HTTP_COOKIE, the web agent fetches session attributes. Use the following property to configure attributes that are to be forwarded as HTTP headers or cookies:

The following content is from the web agent configuration file. The text has been reformatted for this section. This section illustrates how the property maps session attributes to headers or cookies.

Session attributes are added to an HTTP header following this format:


The value of the attribute being fetched in session is session_attribute_name. This value gets mapped to a header value as follows: http_header_name.

Note –

In most cases, in a destination application where http_header_name appears as a request header, it is prefixed with HTTP_ and the following type of conversion takes place:

Lower case letters

convert to upper case letters.

Hyphen “-

converts to underscore “_


as an example, converts to “HTTP_COMMON_NAME.” = 
successURL | success-url, contextId | context-id

The session attribute is forwarded as a header or a cookie as determined by the end-user applications on the web container that the web agent is protecting. These applications can be considered the consumers of the forwarded header values. The forwarded information is used for the customization and personalization of web pages. You can also write server side plug-ins to put any user session attribute and define the corresponding attribute name and mapping in the preceding property to retrieve the value.