Global Session Properties for secure web services
Posted: Wed Oct 12, 2011 10:08 am
In Information Server 8.5 on AIX, the Global Session Properties default to:
Inactive Session Timeout: 1800 seconds
Check Inactive Sessions Every: 60 seconds
Maximum Sessions: 1000
I have a SOAP over HTTP request/response web service, DataStage job published using ISD, that requires authentication (HTTP Basic Authentication), so each user request of the web service creates a session.
Each new web service session does not timeout for 30 minutes, even though the user got their web service response in a matter of milliseconds.
Does anyone think there should be logic somewhere that's smart enough to close such a session once it has sent the response?
I could lower the Inactive Session Timeout to 30 seconds, but I guess I'm worried that would cause DataStage Designer or Director sessions to get dropped when they shouldn't.
Inactive Session Timeout: 1800 seconds
Check Inactive Sessions Every: 60 seconds
Maximum Sessions: 1000
I have a SOAP over HTTP request/response web service, DataStage job published using ISD, that requires authentication (HTTP Basic Authentication), so each user request of the web service creates a session.
Each new web service session does not timeout for 30 minutes, even though the user got their web service response in a matter of milliseconds.
Does anyone think there should be logic somewhere that's smart enough to close such a session once it has sent the response?
I could lower the Inactive Session Timeout to 30 seconds, but I guess I'm worried that would cause DataStage Designer or Director sessions to get dropped when they shouldn't.