Session tracking modes and configuration

Session tracking for Airlock IAM sessions can be configured in Airlock Gateway via session cookies or header tokens.

  • Cookie-based session tracking is the default solution for most browser-based applications. It requires cookie-handling capabilities in the browser (or mobile application).
  • In cases where cookie session tracking cannot be used, i.e., because cookie handling is unavailable, HTTP header-based session tracking can be configured instead.

Historically, Airlock IAM could be configured to generate header tokens for session tracking, but this is no longer a supported solution. As of Airlock Gateway 8.1, IAM-generated header tokens are no longer supported.

The following table lists the possible configuration options with different Airlock IAM and Airlock Gateway release versions:

Airlock IAM version

Airlock Gateway version

Available tracking modes

Up to 7.7

Up to 8.0

  • Gateway session cookie (default)
  • Gateway header token
  • Support for IAM-generated header tokens has been marked as deprecated in the Airlock Gateway Expert Settings. Use Gateway header token configuration instead.

Up to 7.7

8.1

  • Gateway session cookie (default)
  • Gateway header token

    • Support for IAM-generated header tokens has been removed from the Airlock Gateway Expert Settings.
    The IAM header binding option must be turned off under:
    Loginapp >> Authentication Flows >> section Advanced Settings >> Session Binding With Header Token

8.0 and later
(header token generation no longer available)

Any

  • Gateway session cookie
  • Gateway header token