Configuring the authentication and access module for cookieless operation
To allow the Authentication and access module to function in like an API, use of a client side cookie can be avoided with an advanced configuration option.
Before you begin
- Use the internal High Volume Database (HVDB)
- Set up an external HVDB
- Set up a Distributed Session Cache (DSC)
About this task
When the cookieless operation is enabled, several configuration options are available to suit a range of deployment configurations and use cases.
In a high availability or clustered environments it is recommended that session affinity is enforced for a sufficient period of time to allow session replication between nodes. The length of time that sticky session is enforced depends on the deployment.
During normal operation a jsession cookie is still returned. However if this sessions cookie is returned in subsequent requests, it is ignored by the authentication service.
Configure the Authentication-based and Content-based access module to not rely on client side cookies to store authentication information.
Administrators can choose to store this information in either the DSC, Memory, or the HVDB, depending on deployment requirements.