Section – Session Tracking

Session Tracking

Track session based on SSL session ID

Airlock Gateway supports SSL session ID based session tracking. If enabled, the HTTPS (SSL) sessions will not use a session cookie but rather the SSL session ID as the session identifier. For more information please read this Techzone Article.

Note that HTTP sessions (no SSL) always use a session cookie independent of this setting.

Session timeout (seconds)

Specifies the amount of idle time (time without being accessed) in seconds, after which an Airlock Gateway session is removed. This timeout should be smaller than all other session timeouts of your back-end applications. Even if the timeout can be configured in seconds, per default the resolution of the idle session timeout check is 5 seconds only. That means that the real enforced idle timeout may include a variance of maximum 5 seconds. This is a performance optimization which does not affect your Airlock Gateway usage.

Session lifetime (seconds)

Specifies the absolute lifetime of an Airlock Gateway session in seconds. After this time a session will be removed from the Gateway.


We recommend specifying a small initial idle timeout in the static configuration and then dynamically setting the idle timeout of user credentials after a successful authentication. This can be done by using the back-end Control API of Airlock Gateway.