SessionHandling
microgateway.airlock.com/v1alpha1
SessionHandling contains the configuration for session handling.
```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: SessionHandling
metadata:
  name: session-handling-example
spec:
  mode: Enforce
  persistence:
    # Specify the Redis database where sessions should be stored
    redisProviderRef:
      name: redis-provider-example
  defaultTimeouts:
    # Specify idle timeout of a session
    idle: 30s
    # Specify maximum lifetime of a session
    lifetime: 16h
  prefix: session_prefix_example
  cookie:
    name: SESS
    # Specify the attributes set on the session cookie
    attributes:
      domain: example.org
      path: /
      sameSite: Strict
      secure: true
```

```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: SessionHandling
metadata:
  name: default
```
SessionHandling
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
metadata | ObjectMeta | Refer to Kubernetes API documentation for fields of metadata | yes | | |
spec | object | Specification of the desired session handling behavior. | yes | | |
SessionHandling.spec
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
cookie | object | Cookie configures the session cookie used for cookie-based session tracking. | no | | |
defaultTimeouts | object | DefaultTimeouts specifies the session timeouts to apply when not provided by the authentication method. | no | | |
mode | enum | Mode specifies the session handling mode. Meaning of the possible values: Enforce: All requests are aggregated into sessions. For requests without a session, a new session is created. For requests with an existing session, the session is reused and the idle time reset. OnDemand: Behaves like Enforce for routes which have access control with OIDC authentication configured. For all other routes, sessions will be neither created nor used. | no | OnDemand | Enforce, OnDemand |
persistence | object | Persistence configures where to store the session state. | yes | | |
prefix | string | Prefix specifies the prefix under which the sessions should be stored in the persistence layer. If not specified, an automatic prefix derived from the namespaced SessionHandling CR name is used, which ensures that sessions will always be isolated on Microgateways configured with different SessionHandling CRs, even if they share the same persistence backend. To allow session sharing between different Microgateway deployments, ensure that the cookie domain, prefix and persistence backend are the same across all corresponding SessionHandling CRs. | no | | |
SessionHandling.spec.cookie
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
attributes | object | Attributes specifies additional attributes set on the session cookie. | no | | |
name | string | Name specifies the name of the session cookie. | no | AL_SESS | |
SessionHandling.spec.cookie.attributes
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
domain | string | Domain attribute to set. If not present, the attribute is omitted. A typical use case is to share the session cookie with sub-domains. | no | | |
path | string | Path attribute to set. If not present, the attribute is omitted. Specifies a path prefix which the requested URL must match in order for the cookie to be sent. | no | | |
sameSite | enum | SameSite attribute to set. Specifies whether and when cookies are sent with cross-site requests. | no | Lax | Lax, None, Strict |
secure | bool | Secure attribute to set. A cookie with the Secure attribute is only sent to the server with an encrypted request over the HTTPS protocol. | no | true | true, false |
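
Added example (not part of the Airlock documentation): a pre-deployment check that applies the session sharing rule from the `prefix` description and the cookie attribute defaults above to a group of SessionHandling manifests. The manifests are constructed samples held as dicts, `make_cr`, `sharing_key` and `audit` are hypothetical helper names, and it assumes all CRs live in one namespace so that equal `redisProviderRef` names mean the same backend.

```python
# Added example: the manifests are constructed samples, already parsed into dicts.
# Assumption: all CRs live in one namespace, so equal redisProviderRef names
# mean the same persistence backend.
FIELDS = ("cookie domain", "prefix", "redisProviderRef")

def make_cr(name, domain, prefix, redis, **attrs):
    """Build a constructed SessionHandling manifest as a dict."""
    spec = {"persistence": {"redisProviderRef": {"name": redis}},
            "cookie": {"attributes": {"domain": domain, **attrs}}}
    if prefix is not None:
        spec["prefix"] = prefix
    return {"kind": "SessionHandling", "metadata": {"name": name}, "spec": spec}

def sharing_key(cr):
    """Values that must match across CRs for sessions to be shared."""
    spec = cr["spec"]
    return (spec.get("cookie", {}).get("attributes", {}).get("domain"),
            spec.get("prefix"),
            spec["persistence"]["redisProviderRef"]["name"])

def audit(crs):
    """Return findings for a group of CRs that are meant to share sessions."""
    findings = []
    for cr in crs:
        name = cr["metadata"]["name"]
        attrs = cr["spec"].get("cookie", {}).get("attributes", {})
        if "prefix" not in cr["spec"]:
            # Without a prefix, one is derived from the CR name: sessions stay isolated.
            findings.append(f"{name}: prefix not set, sessions are isolated per CR")
        if attrs.get("secure", True) is False:      # documented default: true
            findings.append(f"{name}: secure is false, cookie may travel over plain HTTP")
        if attrs.get("sameSite", "Lax") == "None":  # documented default: Lax
            findings.append(f"{name}: sameSite is None, cookie is sent cross-site")
    keys = [sharing_key(cr) for cr in crs]
    for i, field in enumerate(FIELDS):
        if len({k[i] for k in keys}) > 1:
            findings.append(f"{field} differs across CRs, sessions will not be shared")
    return findings

GOOD = [make_cr("shop", "example.org", "shared", "redis-a", sameSite="Strict"),
        make_cr("account", "example.org", "shared", "redis-a")]
BAD = [make_cr("shop", "example.org", "shared", "redis-a"),
       make_cr("account", "example.org", None, "redis-b", secure=False)]

if __name__ == "__main__":
    for finding in audit(BAD):
        print(finding)
```
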
SessionHandling.spec.defaultTimeouts
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
idle | string | Idle specifies the maximum duration a session can remain inactive before it is considered expired. | no | 10m | See link |
lifetime | string | Lifetime specifies the maximum duration a session can exist. | no | 12h | See link |
SessionHandling.spec.persistence
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
redisProviderRef | object | RedisProviderRef specifies to cache session information in the provided Redis instance. | yes | | |
SessionHandling.spec.persistence.redisProviderRef
Field | Type | Description | Required | Default | Allowed Values |
---|---|---|---|---|---|
name | string | Name of the resource | yes | | |