Managing Sessions
Describes how to configure session parameters for the Control System and REST clients.
Enabling Session Replication for the Control System
About this task
When a client establishes a connection with an apiserver (node on which the Control System is installed), the session information is returned in the response. If you have set up multiple apiservers, you can configure the system to store the session information in a database for resending with further requests. For example, in the event of a node failure, you can send the session information with further requests so that the client uses the same session and does not re-authenticate when routed to a different apiserver.
To configure the host for session replication, perform the following steps on all the nodes running the apiserver:
Procedure
- Open the /opt/mapr/apiserver/conf/hazelcast.xml file and set the value for the com.mapr.admin.lib.JsonDbMapStore parameter to true. By default, this is disabled (false) and the session information is not stored in the DB. For example, your setting in the file for this parameter should look similar to the following:

    <map-store enabled="true">
      <class-name>com.mapr.admin.lib.JsonDbMapStore</class-name>
    </map-store>

- Specify the hostname of the apiservers (cluster of nodes) where the session information can be sent with the request. For example, to specify the list of apiservers, modify the following in the /opt/mapr/apiserver/conf/hazelcast.xml file:

    <network>
      <join>
        <multicast enabled="false"></multicast>
        <tcp-ip enabled="false">
          <member>hostname.example.com</member>
          <member>hostname.example.com</member>
        </tcp-ip>
      </join>
    </network>

  The default value for both multicast and tcp-ip is false. If you set the value for multicast to true, all apiservers on the cluster are automatically added to the list of apiservers where re-authentication is not required once a connection is established. This is not recommended. Instead, set the value for tcp-ip to true and explicitly specify the hostnames of the apiservers (cluster of nodes) where re-authentication is not required once a session is established. For example, your entry in the file should look similar to the following:

    <network>
      <join>
        <multicast enabled="false"></multicast>
        <tcp-ip enabled="true">
          <member>abc.example.com</member>
          <member>xyz.example.com</member>
        </tcp-ip>
      </join>
    </network>

- Save and close the /opt/mapr/apiserver/conf/hazelcast.xml file.
- Open the /opt/mapr/apiserver/conf/web.xml file and specify the domain name of the cluster to cache using the cookie-domain parameter. For example, your setting in the file should look similar to the following:

    <init-param>
      <param-name>cookie-domain</param-name>
      <param-value>.example.com</param-value>
    </init-param>

- Save and close the /opt/mapr/apiserver/conf/web.xml file.
- Restart the apiserver by running the following command:

    service mapr-apiserver start
Configuring Sessions for REST Clients
About this task
This section describes how to get a session cookie, which can be used on subsequent requests. This cookie, valid for up to 30 minutes by default, contains the session ID and can be used to verify the identity of further API calls.
To get and save a cookie, which you can then use with subsequent requests, for:
- Basic authentication, submit a request similar to the following:
curl -X POST -c <cookiefile-location> https://<webserver-host>:8443/login -d 'username=root&password=mapr'
- SPNEGO, submit a request similar to the following:
curl --negotiate -u : -b <cookiefile-location> -c <cookiefile-location> https://<web server node>:8443/rest/<API call> -k -v
The contents of the cookie file may look similar to the following:
cat /tmp/cookiejar.txt
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_<webserver-hostname> FALSE / TRUE 1509486224 MAPR.APISERVER.JSESSIONID node014ukard563rhu1ns8umn2s6uft3709.node0
#HttpOnly_<webserver-hostname> FALSE / FALSE 0 MAPR.APISERVER.SESSIONID
Configuring Session Timeout
About this task
The session timeout is set with the session-timeout parameter in the /opt/mapr/apiserver/conf/web.xml file. The value for this parameter is in minutes. The session-timeout parameter in the web.xml file is applicable for all clients. If no REST API calls are made for 30 minutes (default value) by a client, then the apiserver will terminate the session for that client.
The session-timeout parameter in the web.xml file is NOT related to the Session Rate setting in the Control System. The Session Rate setting in the Control System sets the idle timeout parameter for the Control System ONLY. If there is no activity on the Control System within this timeout period, the client sends a logout request to log out from the Control System.
Procedure
- Open the /opt/mapr/apiserver/conf/web.xml file.
- Change the value of the session-timeout parameter. For example, in the /opt/mapr/apiserver/conf/web.xml file, change the session-timeout parameter:

    <session-config>
      <cookie-config>
        <http-only>true</http-only>
        <max-age>86400</max-age>
        <name>MAPR.APISERVER.JSESSIONID</name>
        <!-- <secure>true</secure> -->
      </cookie-config>
      <session-timeout>30</session-timeout>
    </session-config>
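
A configuration check covering both procedures on this page (session replication in hazelcast.xml and the session settings in web.xml), added here as an example and not part of the product or its documentation. It reports a multicast join, an enabled tcp-ip block with no members, a disabled JsonDbMapStore, cookie flags that are not true (including the commented-out secure element shown above), and a session-timeout that is over the limit or never expires. The function names, the 30-minute limit, the wording of the findings, and the root elements and xmlns of the sample documents are assumptions of the example.

```python
import xml.etree.ElementTree as ET

def _parse(xml_text):
    """Parse XML and strip namespaces so lookups work with or without an xmlns."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def _on(el):
    return el is not None and el.get("enabled", "false").strip().lower() == "true"

def audit_hazelcast(xml_text):
    root, out = _parse(xml_text), []
    tcp = root.find(".//join/tcp-ip")
    if _on(root.find(".//join/multicast")):
        out.append("multicast enabled: list apiservers explicitly under tcp-ip instead")
    if _on(tcp) and not any((m.text or "").strip() for m in tcp.findall("member")):
        out.append("tcp-ip enabled but no <member> hostnames listed")
    if not any(_on(s) for s in root.iter("map-store")
               if (s.findtext("class-name") or "").strip().endswith("JsonDbMapStore")):
        out.append("JsonDbMapStore map-store disabled: sessions are not stored in the DB")
    return out

def audit_web(xml_text, max_idle_minutes=30):  # the limit is this example's assumption
    root, out = _parse(xml_text), []
    cfg = root.find(".//session-config")
    if cfg is None:
        return ["no <session-config> element found"]
    for flag in ("secure", "http-only"):  # XML comments are dropped by the parser
        if (cfg.findtext("cookie-config/" + flag) or "").strip().lower() != "true":
            out.append(f"cookie <{flag}> is not set to true")
    timeout = int((cfg.findtext("session-timeout") or "0").strip())
    if timeout <= 0 or timeout > max_idle_minutes:  # <= 0 means sessions never expire
        out.append(f"session-timeout is {timeout} minutes")
    return out

# Constructed samples modelled on this page's snippets (root elements and xmlns assumed).
SAMPLE_HAZELCAST = """<hazelcast xmlns="http://www.hazelcast.com/schema/config">
 <network><join><multicast enabled="true"/><tcp-ip enabled="true"/></join></network>
 <map><map-store enabled="false">
  <class-name>com.mapr.admin.lib.JsonDbMapStore</class-name></map-store></map>
</hazelcast>"""
SAMPLE_WEB = """<web-app><session-config><cookie-config>
 <http-only>true</http-only><name>MAPR.APISERVER.JSESSIONID</name>
 <!-- <secure>true</secure> --></cookie-config>
 <session-timeout>30</session-timeout></session-config></web-app>"""

if __name__ == "__main__":
    print(audit_hazelcast(SAMPLE_HAZELCAST), audit_web(SAMPLE_WEB))
```

To check a node, pass the contents of /opt/mapr/apiserver/conf/hazelcast.xml and /opt/mapr/apiserver/conf/web.xml to the two functions; an empty list means none of these conditions was found.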