Session handling

Depending on the setup and the service to be protected, it may be necessary to use a session store. Airlock Microgateway uses Redis to store and synchronize session information. Hence, if session handling is required, a separate Redis service must be provided. The Microgateway supports the same Redis modes as the Airlock Gateway appliance (local, remote server and remote cluster).

Configuration example for Redis nodes:

  redis_hosts:
    - 'redis-service1:6379'
    - 'redis-service2:6379'
  store_mode: cluster

On mappings, the desired session handling mode must be enabled accordingly:

    mappings:
      - name: helloworld
        session_handling: enforce_session

Multiple Microgateway containers can use the same Redis service to synchronize session information between each other.

Passphrase file

For secure generation of session tokens, e.g., the Airlock Microgateway session cookie, a secret passphrase is required. The passphrase file must be copied or mounted to /secret/ and then referenced in the session configuration section.

  session:
      encryption_passphrase_file: /secret/passphrase