UAC Directives

The following directives configure User Access Control (UAC).

uac_user_limit

The maximum number of users that can access RealityServer at a time. If set to 0 (or not given) then unlimited users may access.

uac_session_timeout

To prevent denial of service UAC sessions will expire after a period of time. If a session is not accessed in uac_session_timeout seconds then it is deleted and the session slot made available to other potential users.

uac_auto_session

By default RealityServer automatically allocates a session to a user if they access a UAC controlled url without a session cookie set. This behaviour can be disabled by setting uac_auto_session to off. In this case, users have to explicitly request a session id via the /uac/create/ url to obtain a session before accessing UAC controlled urls.

uac_session_cookie

UAC is implemented via session cookies. When a user is granted access a session cookie is set containing the generated session id. The name of the cookie set can be controlled via the uac_session_cookie directive.

uac_session_cookie_domain

By default UAC session cookies do not set a 'Domain' attribute. This makes the cookies only applicable to the exact domain that the request was made from. By using the uac_session_cookie_domain directive the 'Domain' attribute of the cookie is set to the provided domain

uac_management_base_url

RealityServer provides UAC management via the uac_management_base_url url. Users can create and destroy sessions as well as associate scopes with a session by accessing commands on the url. The url used for this can be changed by setting this directive.