Manual Chapter : About per-session and per-request policies
Applies To:Show Versions
- 15.0.1, 15.0.0
About per-session and
Access Policy Manager (APM) provides two types of policies.
- Per-session policy
- The per-session policy runs when a client initiates a session. (A per-session policy is also known as an access policy.) Depending on the actions you include in the access policy, it can authenticate the user and perform other actions that populate session variables with data for use throughout the session.
- Per-request policy
- After a session starts, aper-request policyruns each time the client makes an HTTP or HTTPS request. Because of this behavior, a per-request policy is particularly useful in the context of a Zero Trust scenario, where the client requires re-verification on every request. A per-request policy can include a subroutine, which starts a subsession. Multiple subsessions can exist at one time.You cannot use subroutines in macros within per-request policies.
You can associate one access policy and one per-request policy with a virtual server.