16.1 Introducing Access Manager Session Management

With this 11gR2 PS2 release of Oracle Access Management, Access Manager sessions can be managed from either the server side or the client side.

The Server-side and client-side Session Management options are described as follows:

  • Server-side session management (also referred to as Coherence-based session management) is the default session management option developed for Access Manager. It allows for advanced session management across nodes via Coherence-based caching. Offering reliable performance and advanced features (including impersonation, session sniping, identity context propagation and the like), server side session management is recommended for most deployments - especially internal ones where rich session management features are desired.

    See the following topics for more details:

  • Client-side session management (also referred to as cookie-based session management) manages sessions using browser cookies; it is essentially stateless. Client side session management offers higher performance with a lightweight footprint when compared to the Coherence-based option. It stores session details in the browser cookie with no information saved on the server-side and is most appropriate for very large deployments where advanced server-side session management features are not needed.

    See "Understanding Client-Side Session Management".


    Cookie-based sessions can be accessed only from a browser request context and not directly from the server.

Follow the instructions in the following topics on how to configure the session management option: See "Using WLST To Configure Session Management".