iTP Secure WebServer System Administrator's Guide (iTPWebSvr 5.1+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

281

282

283

284

285

286

287

288

289

290

Administering Session Identifiers for Anonymous

Sessions

iTP Secure WebServer System Administrator’s Guide—522659-001

11- 8

Advanced Configuration Options

Setting the Anonymous Ticket Expiration Time

By default, tickets generated by anonymous ticketing have an expiration value of six

hours. If a user presents a ticket that has expired, the content server generates a new

ticket using the same user ID so that users can be tracked across long sessions. You can

also track users across sessions if browser caching is enabled, as described in Browser

Caching on page 11-8.

You can specify a different expiration time for anonymous tickets by using the

-AnonymousTicketExpiration attribute, which has the form

-AnonymousTicketExpiration seconds

For example, the following directive sets the expiration time of anonymous tickets to

1800 seconds (30 minutes):

SI_Default -AnonymousTicketExpiration 1800

You can use this attribute in an SI_Default or SI_Department directive or in an

SI_Department command in a Region directive.

The Session Identifier Specification 1.0 rounds expiration times to approximately

8.5-minute intervals. The range of expiration times is approximately 8.5 minutes (510

seconds) to 1 year (about 30 million seconds).

Browser Caching

Some browsers support caching mechanisms that the content server can use to prevent

the loss of tickets. The cached information is called a cookie. You can specify whether

you want your server to take advantage of these mechanisms whenever they are

available.

If a web client supports caching, a web server can direct the web client to save arbitrary

information. For ticketing, the content server can direct the web client to store a ticket in

its cache; then, whenever the web client sends a request to the server, it automatically

sends the cached information (the ticket).

Caching is particularly valuable if you want to track users across separate sessions. With

caching, a user can exit the web client or request a resource on a nonticketed server

without losing the ticket.

How Proxy Servers Affect Ticketing

Many web installations and online services employ a proxy server whose job is to cache

requests and replies for multiple web users. Caching can increase performance

dramatically for web users, but it can have some negative effects on tracking and

authentication.