Oracle Adaptive Access Manager Proxy 6-17 running. If you have a single local memcache running, you do not need to have this element at all. By default, the UIO Apache Proxy tries to connect to memcache on IP address 127.0.0.1 and port 11211. Settings These are flags to control the behavior of the UIO Apache Proxy. Various settings are listed in Table 6–11 . Table 6–11 OAAM UIO Proxy Settings. Flags Description MaxSessionInactiveInterval_sec UIO Apache Proxy maintains a session for every user passes through the proxy. This setting sets the expiry time of this session after the user becomes inactive. It is in seconds default is 30 minutes For example, Setting name=MaxSessionInactiveInterval_sec value=1800 GarbageCollectorInterval_ms Interval for running session expiry thread default = 5 minutes For example, Setting name=GarbageCollectorInterval_ms value=300000 FileWatcherInterval_ms Interval for checking if the settings or any config file has changed default = 1minute For example, Setting name=FileWatcherInterval_ms value=60000 After modifying the configuration XML file, even though the proxy updates the configuration on the fly, it is advisable to restart the httpd server. SessionIdCookieName_str Name of the cookie used by UIO Apache Proxy to maintain its session default = OAAM_UIOProxy_SessionId For example, Setting name=SessionIdCookieName_str value=SessionId SessionCookie_ DomainLevelCount Domain level for the UIO Apache Proxy session cookie. Does not affect any other cookie. For example, Setting name=SessionCookie_DomainLevelCount value=2 SessionCookie_ExpiryInMinutes The value of this setting is used to compute the expiry time that is put in the expires attribute of the Set-Cookie header of the UIO Apache Proxy session cookie. Default is zero which means the expires attribute is not added. SessionCookie_IsHttpOnly If set to 1, the UIO Apache Proxy session cookie is marked as HTTP only in the Set-Cookie Header. Affects only this cookie. Default is not to mark the cookie as HTTP only. On a supported browser, a HttpOnly cookie is only used when transmitting HTTP or HTTPS requests, but the cookie value is not available to client side script, hence mitigate the threat of cookie theft via Cross-site scripting. SessionCookie_IsSecure If set to 1, UIO Apache Proxy session cookie is marked as secure in the Set-Cookie header. It does not affect any other cookie. The default is not to mark the cookie as secure. A secure cookie is only used when a browser is visiting a server via HTTPS, that will make sure that cookie is always encrypted when transmitting from client to server, and therefore less likely to be exposed to cookie theft via eavesdropping.