SessionHandling

microgateway.airlock.com/v1alpha1


SessionHandling contains the configuration for session handling.

apiVersion: microgateway.airlock.com/v1alpha1
kind: SessionHandling
metadata:
  name: session-handling-example
spec:
  mode: Enforce
  persistence:
    # Specify the Redis database where sessions should be stored
    redisProviderRef:
      name: redis-provider-example
  defaultTimeouts:
    # Specify idle timeout of a session
    idle: 30s
    # Specify maximum lifetime of a session
    lifetime: 16h
  prefix: session_prefix_example

  cookie:
    name: SESS
    # Specify the attributes set on the session cookie
    attributes:
      domain: example.org
      path: /
      sameSite: Strict
      secure: true
---
apiVersion: microgateway.airlock.com/v1alpha1
kind: SessionHandling
metadata:
  name: default

SessionHandling

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | ObjectMeta | Refer to Kubernetes API documentation for fields of metadata | yes | | |
| spec | object | Specification of the desired session handling behavior. | yes | | |

SessionHandling.spec

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| cookie | object | Cookie configures the session cookie used for cookie-based session tracking. | no | | |
| defaultTimeouts | object | DefaultTimeouts specifies the session timeouts to apply when not provided by the authentication method. | no | | |
| mode | enum | Mode specifies the session handling mode. Meaning of the possible values: Enforce: All requests are aggregated into sessions. For requests without a session, a new session is created. For requests with an existing session, the session is reused and the idle time reset. OnDemand: Behaves like Enforce for routes which have access control with OIDC authentication configured. For all other routes, sessions will be neither created nor used. | no | OnDemand | Enforce, OnDemand |
| persistence | object | Persistence configures where to store the session state. | yes | | |
| prefix | string | Prefix specifies the prefix under which the sessions should be stored in the persistence layer. If not specified, an automatic prefix derived from the namespaced SessionHandling CR name is used, which ensures that sessions will always be isolated on Microgateways configured with different SessionHandling CRs, even if they share the same persistence backend. To allow session sharing between different Microgateway deployments, ensure that the cookie domain, prefix and persistence backend are the same across all corresponding SessionHandling CRs. | no | | |

SessionHandling.spec.cookie

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| attributes | object | Attributes specifies additional attributes set on the session cookie. | no | | |
| name | string | Name specifies the name of the session cookie. | no | AL_SESS | |

SessionHandling.spec.cookie.attributes

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| domain | string | Domain attribute to set. If not present, the attribute is omitted. A typical use case is to share the session cookie with sub-domains. | no | | |
| path | string | Path attribute to set. If not present, the attribute is omitted. Specifies a path prefix which the requested URL must match in order for the cookie to be sent. | no | | |
| sameSite | enum | SameSite attribute to set. Specifies whether and when cookies are sent with cross-site requests. | no | Lax | Lax, None, Strict |
| secure | bool | Secure attribute to set. A cookie with the Secure attribute is only sent to the server with an encrypted request over the HTTPS protocol. | no | true | true, false |
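
As an added example (not code from the Airlock documentation), the following Python helpers apply the defaults from the tables above to a SessionHandling CR, flag cookie and prefix settings that widen exposure of the session cookie, and check the session-sharing condition stated for prefix. The function names and sample CRs are constructed for illustration, and an identical redisProviderRef name is assumed to mean the same persistence backend.

```python
# Added example. effective(), audit(), shares_sessions() and make_cr() are
# hypothetical helper names; CRs are passed as already-parsed dicts.

def effective(cr):
    """Flatten a SessionHandling CR and fill in the defaults from the tables."""
    spec = cr.get("spec", {})
    cookie = spec.get("cookie", {})
    attrs = cookie.get("attributes", {})
    return {
        "mode": spec.get("mode", "OnDemand"),
        "cookie_name": cookie.get("name", "AL_SESS"),
        "domain": attrs.get("domain"),        # None: attribute is omitted
        "path": attrs.get("path"),            # None: attribute is omitted
        "sameSite": attrs.get("sameSite", "Lax"),
        "secure": attrs.get("secure", True),
        "prefix": spec.get("prefix"),         # None: automatic per-CR prefix
        "redis": spec.get("persistence", {}).get("redisProviderRef", {}).get("name"),
    }

def audit(cr):
    """Return (field, note) pairs for settings that widen session cookie exposure."""
    e, out = effective(cr), []
    if not e["secure"]:
        out.append(("secure", "cookie is also sent over unencrypted HTTP"))
    if e["sameSite"] == "None":
        out.append(("sameSite", "cookie is sent with cross-site requests"))
    if e["domain"]:
        out.append(("domain", f"cookie is shared with sub-domains of {e['domain']}"))
    if e["prefix"]:
        out.append(("prefix", "explicit prefix: isolation from other CRs is not automatic"))
    return out

def shares_sessions(a, b):
    """True when two CRs have the same cookie domain, prefix and persistence backend."""
    ea, eb = effective(a), effective(b)
    # Assumption: same redisProviderRef name (same namespace) means same backend.
    return (ea["prefix"] is not None and ea["prefix"] == eb["prefix"]
            and ea["redis"] is not None and ea["redis"] == eb["redis"]
            and ea["domain"] == eb["domain"])

def make_cr(name, **spec):  # builds the constructed sample CRs below
    return {"kind": "SessionHandling", "metadata": {"name": name}, "spec": spec}

REDIS = {"redisProviderRef": {"name": "redis-provider-example"}}
SHARED_COOKIE = {"name": "SESS", "attributes": {
    "domain": "example.org", "path": "/", "sameSite": "Strict", "secure": True}}
PAGE_EXAMPLE = make_cr("session-handling-example", mode="Enforce", persistence=REDIS,
                       prefix="session_prefix_example", cookie=SHARED_COOKIE)
SIBLING = make_cr("sibling", persistence=REDIS, prefix="session_prefix_example",
                  cookie=SHARED_COOKIE)
WEAK = make_cr("weak", persistence=REDIS,
               cookie={"attributes": {"sameSite": "None", "secure": False}})
```
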

SessionHandling.spec.defaultTimeouts

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| idle | string | Idle specifies the maximum duration a session can remain inactive before it is considered expired. | no | 10m | See link |
| lifetime | string | Lifetime specifies the maximum duration a session can exist. | no | 12h | See link |

SessionHandling.spec.persistence

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| redisProviderRef | object | RedisProviderRef specifies to cache session information in the provided Redis instance. | yes | | |

SessionHandling.spec.persistence.redisProviderRef

| Field | Type | Description | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | string | Name of the resource | yes | | |