| Table of Contents |
|---|
...
Gateway stores all tokens within the administrative domain as objects that automatically expire using the object lifepoint feature. The expiration time of an authentication token can be specified when the token is created. If the time is not specified, a default expiration time will be assigned based on the tokenTTLHours parameter in the [gateway] section of the gateway.cfg file. If an expired token is presented to Gateway, the request will proceed as an anonymous user subject to all of the normal access control policies. Additionally, the Set-Cookie header of the response will instruct the HTTP client to delete its expired token cookie.
...