Posted to commits@knox.apache.org by di...@apache.org on 2013/09/30 20:31:07 UTC

svn commit: r1527699 - /incubator/knox/trunk/books/0.3.0/config_authn.md

Author: dillidorai
Date: Mon Sep 30 18:31:07 2013
New Revision: 1527699

URL: http://svn.apache.org/r1527699
Log:
KNOX-151, add documentation for session timeout configuration

Modified:
    incubator/knox/trunk/books/0.3.0/config_authn.md

Modified: incubator/knox/trunk/books/0.3.0/config_authn.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/books/0.3.0/config_authn.md?rev=1527699&r1=1527698&r2=1527699&view=diff
==============================================================================
--- incubator/knox/trunk/books/0.3.0/config_authn.md (original)
+++ incubator/knox/trunk/books/0.3.0/config_authn.md Mon Sep 30 18:31:07 2013
@@ -38,5 +38,30 @@ See more here about [Jetty SSL setup](ht
 
 #### Session Configuration ####
 
-TODO
+Knox maps each cluster topology to a web application and leverages standard JavaEE session management.
+
+To configure session idle timeout for the topology, please specify value of parameter sessionTimeout for ShiroProvider in your topology file.  If you do not specify the value for this parameter, it defaults to 30minutes.
+
+The definition would look like the following in the topoloogy file:
+
+    ...
+    <provider>
+                <role>authentication</role>
+                <name>ShiroProvider</name>
+                <enabled>true</enabled>
+                <param>
+                    <!-- 
+                    session timeout in minutes,  this is really idle timeout,
+                    defaults to 30mins, if the property value is not defined,, 
+                    current client authentication would expire if client idles contiuosly for more than this value
+                    -->
+                    <name>sessionTimeout</name>
+                    <value>30</value>
+                </param>
+    ...
+
+
+At present, ShiroProvider in Knox leverages JavaEE session to maintain authentication state for a user across requests using JSESSIONID cookie.  So, a clieent that authenticated with Knox could pass the JSESSIONID cookie with repeated requests as long as the session has not timed out instead of submitting userid/password with every request.  Presenting a valid session cookie in place of userid/password would also perform better as additional credential store lookups are avoided.
+
+
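Review bot: The closing paragraph ("At present, ShiroProvider in Knox leverages JavaEE session ...") recommends presenting the JSESSIONID cookie instead of userid/password, but it does not say that the cookie then stands in for those credentials until the idle timeout expires. Suggest adding a sentence that the cookie should only travel over the SSL connection covered by the Jetty SSL setup text just above this section, and that a smaller sessionTimeout shortens the window in which a captured cookie remains usable. The unit is stated only inside the XML comment, so the prose sentence about the default should say "minutes" for the parameter itself, and the text should state what happens for values such as 0 or a negative number, which the added lines leave undefined. Typos to fix before this lands: "30minutes", "topoloogy", "contiuosly", "clieent", and the doubled comma in "not defined,,". The sample also opens <provider> with no closing tag before the trailing "..." and indents its children far deeper than the element itself; closing the element or aligning the indentation would make it clearer where the provider block ends when it is copied into a topology file.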