Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:sessions [2019/04/03 12:40]
127.0.0.1 external edit
documentation:latest:sessions [2019/07/04 22:05] (current)
Line 9: Line 9:
   * **Sessions update interval**: Minimum interval used to update session when activity timeout is set.   * **Sessions update interval**: Minimum interval used to update session when activity timeout is set.
 <note warning>​Session activity timeout requires Handlers to have a write access to sessions database.</​note>​ <note warning>​Session activity timeout requires Handlers to have a write access to sessions database.</​note>​
-  * **Opening conditions**:​ rules which are evaluated before granting session. If a user does not comply with any conditionhe is prompted a customized message. That message can contain session data as user attributes or macros. The conditions are checked in alphabetical order of comments.+  * **Opening conditions**:​ rules which are evaluated before granting session, ​see [[grantsession|Grant Session plugin documentation]]
   * **Sessions Storage**: you can define here which session backend to use, with the backend options. See [[start#​sessions_database|sessions database configuration]] to know which modules you can use. Here are some global ​ options that you can use with all sessions backends:   * **Sessions Storage**: you can define here which session backend to use, with the backend options. See [[start#​sessions_database|sessions database configuration]] to know which modules you can use. Here are some global ​ options that you can use with all sessions backends:
     * **generateModule**:​ allows one to override the default module that generates sessions identifiers. For security reasons, we recommend to use Lemonldap::​NG::​Common::​Apache::​Session::​Generate::​SHA256     * **generateModule**:​ allows one to override the default module that generates sessions identifiers. For security reasons, we recommend to use Lemonldap::​NG::​Common::​Apache::​Session::​Generate::​SHA256
Line 19: Line 19:
     * **Display deleted sessions**: display deleted sessions on authentication phase.     * **Display deleted sessions**: display deleted sessions on authentication phase.
     * **Display other sessions **: display other sessions on authentication phase, with a link to delete them.     * **Display other sessions **: display other sessions on authentication phase, with a link to delete them.
 +  * **Persistent sessions**: are used for storing users log in history, 2F devices, OIDCConsents and so on. Heavy organizations may have to disable persistent sessions storage to avoid too many database tuples.
 +    * **Disable storage**: Do not store user persitent sessions.
 +
 <note important>​Note that since HTTP protocol is not connected, restrictions are not applied to the new session: the oldest are destroyed.</​note>​ <note important>​Note that since HTTP protocol is not connected, restrictions are not applied to the new session: the oldest are destroyed.</​note>​