Each web agent maintains a cache that stores the policies for every user’s session. The cache can be updated by a cache polling mechanism and a cache notification mechanism.
A web agent maintains a cache of all active sessions involving content that the agent protects. Once an entry is added to an agent's cache, it remains valid for a period of time after which the entry is considered expired and later purged.
The property com.sun.am.policy.am.polling.interval in the web agent AMAgent.properties configuration file determines the number of minutes an entry will remain in the web agent cache. Once the interval specified by this property has elapsed, the entry is dropped from the cache. By default, the expiration time is set to three minutes.
In this mode, cache entry expiration still applies. In addition, the web agent gets notified by the Access Manager service about session changes. Session changes include events such as session logout or a session timeout. When notified of a session or a policy change, the web agent updates the corresponding entry in the cache. Apart from session updates, web agents can also receive policy change updates. Policy changes include events such as updating, deleting, and creating policies.
Web agents have the hybrid cache update mode switched on by default. This is triggered by the property com.sun.am.notification.enable in the web agent AMAgent.properties configuration file, which is set to true. When the property is set to false, the web agent updates its cache through the cache polling mechanism only.
Restrictions due to firewalls, as well as the type of deployment container in use, might not allow notifications to work. In such cases, notification is turned off.
The web agent sets a timeout period on its cache entries. After its end of life, the cache entry is purged from the web agent’s cache. The web agent does not refetch the cache data. The next attempt to access the same entry from cache fails and the web agent makes a round trip to the server and fetches it again to populate the cache. This lazy method of cache updating keeps the web agent cache performing optimally and reduces network traffic.
In a normal deployment situation, policy changes on the server are frequent, which requires sites to accept a certain amount of latency for web agents to reflect policy changes. Each site decides the amount of latency time that is acceptable for the site’s specific needs. When setting the com.sun.am.policy.am.polling.interval property, set it to the lower of the two:
The session idle timeout period
Your site’s accepted latency time for policy changes