Some organizations might find it helpful to configure their Gluu Server to issue longer user or client sessions. Longer sessions mean fewer authentications, which, in many circumstances, can offer a better user experience. For instance, Google re-authenticates users only as a last option.
But longer sessions introduce additional operational considerations, such as:
- Increased entries in LDAP
- More load on the VM resources, like memory and CPU
- More stress on LDAP replication (if your servers are clustered)
Unused and expired cache and session related entries are periodically removed from oxAuth with a cleaningJob. This reduces unnecessary data from LDAP and generally improves the server’s performance.
However, if you are operating an earlier version of Gluu 3.1.x and have long-lived sessions configured for a large data set, cached data should be cleared manually.
The best and safest way to clear cache in 3.1.x is to backup and restore LDAP.
We’ve added instructions in our docs for both Gluu OpenDJ and OpenLDAP.
Note: this is a temporary workaround to make sure services don’t crash unexpectedly. The best solution is to upgrade to Gluu server 3.1.6, which handles cached sessions better out-of-the-box.
If you spot any issues with the docs or the process, open an issue on Gluu support or submit a pull request to our documentation on GitHub.
Thanks!