version 1.50, 2014/10/29 11:07:56
|
version 1.51, 2014/10/30 12:52:17
|
|
|
</tbody></table> | </tbody></table> |
</ul> | </ul> |
| |
|
<h5>httpSessionTimeout</h5> |
|
<ul> |
|
<b>Description: </b>If set to a positive integer, this value |
|
specifies a HTTP session lifetime in seconds. |
|
<br> |
|
After initial authentication using standard HTTP mechanisms |
|
(HTTP Basic or Negotiate authentication), the server generates a cookie |
|
and sends it back to the client, as described in RFC 6265. The client |
|
can then use the cookie in subsequent requests to skip the usual HTTP |
|
authentication. The cookie is valid only for period of time specified by |
|
this configuration option. |
|
<br> |
|
If set to zero, session management is turned off and CIM server will not |
|
issue cookies. |
|
<br> |
|
This option is available only when Pegasus was compiled with |
|
PEGASUS_ENABLE_SESSION_COOKIES set to 'true'. |
|
<br> |
|
<b>Recommended Default Value (Development Build): </b>0<br> |
|
<b>Recommended Default Value (Release Build): </b>0<br> |
|
<b>Recommend To Be Fixed/Hidden (Development Build): </b>No/No<br> |
|
<b>Recommend To Be Fixed/Hidden (Release Build): </b>No/No<br> |
|
<b>Dynamic?: </b>Yes<br> |
|
<b>Considerations: </b> |
|
The session timeout should be set to relatively small number (e.g. 30) to |
|
ensure the window, when the a potentially stolen cookie can be re-used, is |
|
quite small. This means every client will be re-authenticated the usual way |
|
(HTTP Basic or Negotiate) at least every 30 seconds. |
|
<br> |
|
</ul> |
|
|
|
|
<h5>idleConnectionTimeout</h5> | <h5>idleConnectionTimeout</h5> |
<ul> | <ul> |
<b>Description: </b>If set to a positive integer, this value | <b>Description: </b>If set to a positive integer, this value |