Web Agent Caches

Contents
sm1252sp1
Contents
sm1252sp1
The Web Agent stores user session and resource information in cache memory. This technique improves the Web Agent efficiency because the Web Agent does not have to retrieve information from the Policy Server each time a user requests access.
By configuring the cache settings, you can manage how this information is stored. The number of entries in the cache determines the size of the cache. The total number of entries in each cache cannot exceed the maximum cache size specified.
Restart the Web Server for changes in the Web Agent cache settings to take effect.
The following guidelines apply to cache management:
  • When a cache is full, new entries replace the least recently used entries.
  • For the resource cache, entries are removed when the value of the ResourceCacheTimeout parameter is reached.
  • For the user session cache, entries are removed based on the session timeout values that you set for each realm.
CA Single Sign-On
empties cached resource information when you modify a policy. You can also empty the user and resource caches manually from the Administrative UI.
sm1252sp1
For more information, see the Policy Server documentation.
Use the following parameters to manage the caches of your agent:
Cache Anonymous Users
You can configure the Web Agent to store anonymous user information in a cache with the following parameter:
sm1252sp1
CacheAnonymous
Specifies if the Web Agent caches anonymous user information. You may want to set this parameter in any of the following situations:
  • If your web site gets mostly anonymous users and you want to store their session information.
  • If your web site gets a mix of registered and anonymous users.
    You may want to disable this parameter to keep the anonymous user information from filling the cache and leaving no room for registered users.
Default:
No
To store anonymous user information in cache, set the value of the CacheAnonymous parameter to yes.
Set the Maximum Resource Cache Size
You can set a maximum on the number of resource cache entries, such as Web pages, that the Web Agent tracks with the following parameter:
sm1252sp1
MaxResourceCacheSize
Specifies the maximum number of entries that the Web Agent keeps in its resource cache. An entry contains the following information:
  • A Policy Server response about whether a resource is protected
  • Any additional attributes returned with the response
When the maximum is reached, new resource records replace the least recently used resource records.
If you set this value to a high number, be sure that sufficient system memory is available.
If you are viewing Web Agent statistics using the OneView Monitor, you may notice that the value shown for the ResourceCacheCount is greater than the value you specified for the MaxResourceCacheSize parameter. This is not an error. The Web Agent uses the MaxResourceCacheSize parameter as a guideline and the values may at times differ because the MaxResourceCacheSize parameter represents the maximum number of average-sized entries in the resource cache. The actual cache entries are most likely larger or smaller than the pre-determined average size; therefore, the effective maximum number of entries may be more or less than the value specified.
For Web Agents that use shared memory, such as the framework Agents, the cache is pre-allocated to a constant size based on the MaxResourceCacheSize value and will not grow.
Default:
(Domino web servers) 1000
Default:
(IIS and Sun Java System web servers) 700
Default:
(Apache web servers) 750
To set the maximum resource cache size
  1. Set the value of the MaxResourceCacheSize parameter to the maximum number of resources you want.
  2. For framework agents, you must restart the web server to apply the change.
    The maximum resource cache size is changed.
Set the Maximum User Session Cache Size
You can set a maximum for the number of users the Agent maintains in the session cache with the following parameter:
MaxSessionCacheSize
Specifies the maximum number of users the Agent maintains in its session cache. The session cache stores the session IDs of users who authenticate successfully. Authenticated users accessing other resources within the realm during a session, are authenticated using the session cache instead of the Policy Server. When the maximum number is reached, the Agent replaces the least recently used user records with new user records.
Base the value of this parameter on the number of users that you expect to access and use resources for a sustained period. If you set this value to a high number, verify that sufficient system memory is available.
Regardless of the cache size, all entries in the session cache of the Web Agent expire automatically after one hour.
Default:
(Domino web servers) 1000
Default:
(IIS and Oracle iPlanet web servers) 700
Default:
(Apache web servers) 750
To set a maximum size of the user session cache
  1. Set the value of the MaxSessionCacheSize parameter to the maximum number of users you want.
  2. For framework agents, you must restart the web server to apply the change.
    The maximum user session cache size is changed.
Control How Long Resource Enteries Remain Cached
You can change the amount of time that resource entries will remain in the cache with the following parameter:
sm1252sp1
ResourceCacheTimeout
Specifies the number of seconds that resource entries remain in the cache. If a user tries to access a protected resource after the time interval has been exceeded, the Web Agent removes the cached entries and contacts the Policy server.
Default:
 600 (10 minutes)
If you change the value of this parameter, you must restart the web server to apply the change.
 
 
To change how long the resource entries remain cached, set the ResourceCacheTimeout parameter to the number of seconds you want.
Disable the Resource Cache
If you are protecting an application that uses dynamic, unique URLs, you may want to disable the resource cache. Since the URLs used by the application are unique, then they will not be read from the cache.
To disable the resource cache, change the value of the MaxResourceCacheSize to zero.
Manage WebSphere Friendly URLs
Configure the IgnoreRichStateURI ACO parameter to manage friendly URLs.
IgnoreRichStateURI
Defines how Policy Server manages the WebSphere friendly URLs. If you set the value to yes, the resource will be served from the Web Agent cache after a successful authentication and authorization of the initial URL.