Session cache scaling
The session cache inside nevisAuth is configured to have an upper limit to enforce a maximum of parallel user sessions at a time. As session termination notifications may be lost due to network problems, the session cache should be sized to approximately twice the size of the maximum number of parallel user sessions.
To configure the session cache, execute the following command:
nevisauth config
The following parameters are relevant for session cache configuration. Adapt them according to your needs:
<SessionCache name="SessionCache" size="100000" initialInactivityTimeout="300" inactivityTimeout="43200" maxLifetime="43200">
The configuration in the previous code snippet provides 100'000 sessions with an initial timeout of 300 seconds. This means that multi-step authentication has to be completed within 5 minutes (the multi-step authentication creates the global authentication session after the first successful step). If the user is too slow in completing the next step, he is forced to start over.
After the authentication is completed, the session lifetime is raised to 12 hours. This time-out enforces a maximum possible session lifetime. Note that idle and screen saver time-outs are enforced by the nevisProxy.
When nevisAuth failure safety is enabled, the number of parallel sessions remains the same, but the initial cache synchronization may need to be disabled as each established session triggers a call to the fallback instance (syncPullInitial="false"
).