Configure the Edge UI to store session information in memory

Edge for Private Cloud v4.18.05

By default, when a user logs out of the Edge UI, the session cookie for the user is deleted. However, while the user is logged in, malware or other malicious software running on the user's system could obtain the cookie and use it to access the Edge UI. This situation is not specific to the Edge UI itself, but with the security of the user's system.

As an added level of security, you can configure the Edge UI to store information about current sessions in server memory. When the user logs out, their session information is deleted, preventing another user from using the cookie to access the Edge UI.

This features is disabled by default. Before you enable this feature, your system must meet one of the following requirements:

  • Your system uses a single Edge UI server.
  • Your system uses multiple Edge UI servers with a load balancer, and the load balancer is configured to use sticky sessions.

If your system meets these requirements, then use the following procedure to enable the Edge UI to track user sessions in memory:

  1. Open the ui.properties file in an editor. If the file does not exist, create it:
    vi /opt/apigee/customer/application/ui.properties
  2. Set the following properties in:
    conf_apigee_apigee.feature.expireSessionCookiesInternally="true"
    conf_apigee_apigee.feature.trackSessionCookies="true"
  3. Save your changes.
  4. Ensure the properties file is owned by the "apigee" user:
    chown apigee:apigee /opt/apigee/customer/application/ui.properties
  5. Restart the Edge UI:
    /opt/apigee/apigee-service/bin/apigee-service edge-ui restart