Configuration of the session/login subsystem.
Sessions are not required by the REST API, but can be used if set up. A session is effectively just a cookie that links to a JWT generated by the login handler.
Session data can be stored either in memory or in a database, depending on whether or not is set.
Name |
Type |
Details |
boolean |
Set the flag to indicate that a session is required for all REST API calls. |
|
The purging period for the session data. A scheduled task is set up to run this often that will remove any expired sessions from both the in-memory cache and the database. |
||
int |
Length of the state passed in to the OAuth authentication endpoint. |
|
int |
Length of the PKCE code verifier passed in to the OAuth authentication endpoint. |
|
int |
Length of the nonce passed in to the OAuth authentication endpoint. |
|
Map of OAuth endpoints that the user can choose from when logging in. |
||
Configuration of the cookie used for the session.When Query Engine is configured in a path-hijack configuration it is important that the session cookie path matches the root path for the Query Engine. Without this it is possible for multiple session cookies to exist for the same user concurrently. |