Please explain the flow of a persistent session including the agent cache and validation period.
When the Agent receives the SMSESSION cookie, it extracts the Session ID and the Session Spec, and it checks them against the values stored in the User Session Cache.
If the Agent cache doesn’t contain a corresponding entry, or it is time to validate the session based on the Session Drift, the Agent uses the Validate() call to pass the Session ID and the Session Spec to the Policy Server for validation.
If the validation succeeds, the Policy Server updates the session timestamp in the Session Store and returns the updated Session Spec to the Agent. The Session ID is not modified in the course of validation.
Session Drift– is configured per realm (as the “Validation Period” in the “Session” tab of the realm dialog) and specifies the maximum time between agent calls to validate a persistent session. These calls are used both to notify the Policy Server that a user is still active (to prevent the session termination due to the session idle timeout) and to check that the session is still valid. Session drift value must be less then Session idle timeout.