Adjustment of the last access time update frequency

Edit online

The dsess-last-access-update-interval stanza entry in the [session] stanza of the WebSEAL configuration file specifies the frequency at which WebSEAL updates the session last access time at the Redis session cache.

If you are adjusting session inactivity timeouts or configuring re-authentication based on session inactivity policy (reauth-for-inactive = yes), and you are using the Redis session cache, you might need to adjust this value.

Smaller values offer more accurate inactivity timeout tracking, at the expense of sending updates to the Redis session cache more frequently. Values of less than 1 second are not permitted. The default value is 60 seconds. For example:
[session]
dsess-last-access-update-interval = 60
As an example, consider the following configuration:
[session]
inactive-timeout = 600
dsess-last-access-update-interval = 60

With these configuration values, a user's session may be flagged as "inactive" at the distributed session cache anywhere between 540 seconds and 600 seconds after the user's last access to the WebSEAL server.

Small values for the dsess-last-access-update-interval parameter are not recommended and can seriously impact WebSEAL server performance.

See also Reauthentication with external authentication interface.

See also Cache entry inactivity timeout value