Persistent Sessions
Web Reverse Proxy can now be configured to remember the username that is used in a login form, and can also be configured to persist authenticated sessions across browser restarts.
- Remembering the Username
  It is possible to remember the username which was provided in the login form so that this field can be automatically populated on subsequent logins. In order to enable this capability:
  - The [remember-me] remember-username-cookie-name configuration entry must be set to the name of the cookie which will hold the name of the user. The cookie which is returned to the browser will be a persistent cookie.
  - The ‘remember-username’ form field must be included in the login request. If this field is not included in the login request any existing remember-username cookie will be cleared.

  The default login.html file contains an additional form field for remembering the username, along with JavaScript which can be used to automatically select the field if the cookie is already available in the browser. This field and JavaScript are commented out by default and should be uncommented if the capability to remember the username is enabled. The name of the cookie which is referenced in the JavaScript must match the name of the cookie which is configured in the ‘[remember-me] remember-username-cookie-name’ configuration entry.
- Remembering the Sessions
  A session can be persisted so that a user is not required to authenticate each time they access a site. The information required to recreate the session can be embedded within a protected token, which can then be passed back to the client in either an HTTP header or a persistent cookie. When the token is presented to the Web Reverse Proxy on a subsequent request it will validate the token and then re-establish the user session using the information contained within the token. The token will consist of attributes from the user credential, as defined by the ‘[remember-me] remember-session-attribute-rule’ configuration entry, along with additional literal values, as defined by the ‘[remember-me] remember-session-attribute-literal’ configuration entry. In order to enable this capability:
  - The [remember-me] remember-session-field configuration entry must be set to the name of the field which will hold the session token.
  - The [remember-me] remember-session-key-label configuration entry must be set to the name of the key which will be used to protect the token.
  - The ‘remember-session’ form field must be included in the login request.

  The default login.html file contains an additional form field for remembering the session. This field is commented out by default and should be uncommented if the capability to remember the session is enabled.
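The username prefill described under Remembering the Username, sketched as an added example (this is not the script shipped in the default login.html). It assumes a cookie named "remembered-user", a login field named "username", and a URL-encoded cookie value; none of these come from the page, and the cookie is treated as untrusted input because the client controls it.

```javascript
// Added example, not the product's login.html script.
// Assumptions: cookie name, "username" field name, URL-encoded cookie value.
const COOKIE_NAME = "remembered-user"; // must equal remember-username-cookie-name
const MAX_USERNAME_LENGTH = 256;       // constructed limit for this example

// Return the remembered username from a cookie string, or null if it is
// absent or unusable.
function readRememberedUsername(cookieString, cookieName) {
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    // Exact name match, so "x-remembered-user" is never mistaken for it.
    if (part.slice(0, eq).trim() !== cookieName) continue;
    let value = part.slice(eq + 1).trim();
    try {
      value = decodeURIComponent(value);
    } catch (e) {
      return null; // malformed percent-encoding
    }
    // Reject empty, oversized or control-character values.
    if (!value || value.length > MAX_USERNAME_LENGTH ||
        /[\u0000-\u001f\u007f]/.test(value)) {
      return null;
    }
    return value;
  }
  return null;
}

// Populate the login form; returns true if a username was filled in.
function prefillLoginForm(form, cookieString, cookieName = COOKIE_NAME) {
  const username = readRememberedUsername(cookieString, cookieName);
  if (username === null) return false;
  // Assign through .value only; never write the cookie into markup.
  form.username.value = username;
  // Keep the field selected so the next login request still carries
  // remember-username and the existing cookie is not cleared.
  form["remember-username"].checked = true;
  return true;
}

// In a browser, run against the first form on the login page.
if (typeof document !== "undefined" && document.forms.length > 0) {
  prefillLoginForm(document.forms[0], document.cookie);
}
```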