iTP Secure WebServer System Administrators Guide (Version 7.5+)
You can specify the attributes listed in Table 25 (page 174) in one of these three ways:
• By Default Attributes
You can change the default value of any ticketing attribute shown in [Table 24 (page 167)],
by using the SI_Default directive, which has this form:
SI_Default -attribute value [-attribute value] ...
For example, the directive
SI_Default -AnonymousTicketExpiration 7200
changes the validity period to 2 hours (7200 seconds). Attributes set through the SI_Default
directive apply to all regions following the directive unless overridden by a subsequent
department-wide or region-wide directive, or reset by another SI_Default directive.
• By Department-Wide Attributes
You can override a default attribute value by specifying a department-wide attribute by using
the SI_Department directive, which has this form:
SI_Department departmentID -attribute value [-attribute value]...
For example, the following directive sets the period cookies are valid to 1000 seconds for
department 1, only. The default value of the CookiePersistence attribute remains valid
for all other departments:
SI_Department 1 -CookiePersistence 1000
Attributes set through the SI_Department directive apply to all regions in the specified
department unless overridden by a region-wide directive or reset by a subsequent
SI_Department directive.
• By Region-Wide Attributes
You can override a default attribute value and a department-wide attribute value by specifying
the SI_Department command in the Region directive, which has the following form
SI_Department departmentID -attribute value \ [-attribute value]...
For example, this Region directive specifies the period (1800 seconds) that Session Identifiers
are valid.
Region /info/* {
SI_Department 1 -AnonymousTicketExpiration 1800
}
Any SI_Department commands in a region must precede all Region directive SI_RequireSI
commands in the same region. Attributes set through the SI_Department command apply
only to requests for contents in the region in which the attributes are specified. For all other
requests, the default or department-wide attributes apply.
Setting the Anonymous Ticket Expiration Time
By default, tickets generated by anonymous ticketing have an expiration value of six hours. If a
user presents a ticket that has expired, the content server generates a new ticket using the same
user ID so that users can be tracked across long sessions. You can also track users across sessions
if browser caching is enabled, as described in “Browser Caching” (page 176).
You can specify a different expiration time for anonymous tickets by using the
-AnonymousTicketExpiration attribute, which has the form
-AnonymousTicketExpiration seconds
For example, this directive sets the expiration time of anonymous tickets to 1800 seconds (30
minutes):
SI_Default -AnonymousTicketExpiration 1800
You can use this attribute in an SI_Default or SI_Department directive or in an SI_Department
command in a Region directive.
Configuring for Anonymous Ticketing 175