Using HttpSession with third-party web containers (No CR number) (Sun Java System Access Manager 7 2005Q4 Release Notes)

Sun Java System Access Manager 7 2005Q4 Release Notes

Previous: System creates invalid service host name when load balancer has SSL termination (6245660)
Next: Policy Issues

Using `HttpSession` with third-party web containers (No CR number)

The default method of maintaining sessions for authentications is “internal session” instead of HttpSession. The default invalid session maximum time value of three minutes is sufficient. The amtune script sets the value to one minute for Web Server or Application Server. However, if you are using a third-party web container (IBM WebSphere or BEA WebLogic Server) and the optional HttpSession, you might need to limit the web container's maximum HttpSession time limit to avoid performance problems.

Previous: System creates invalid service host name when load balancer has SSL termination (6245660)
Next: Policy Issues