I promised to let you know results of my experiment, so here is goes:
tcp_keepalives_idle = 900
tcp_keepalives_interval=0
tcp_keepalives_count=0
Doesn't terminate connection to database in 15 minutes of inactivity of psql prompt. So, it looks like that would work only for case if network connection is broken and session left hanging. For psql prompt case looks like pg_terminate_backend() would be the only solution.
Actually, I'm not an expert on the tcp_keepalives, but I believe the tcp_keepalives_count should be 1, otherwise it will take 45 minutes minutes to timeout. Then again, I could be wrong.
On Sun, Dec 20, 2015 at 12:28 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
oleg yusim <olegyusim@gmail.com> writes: > Got it, thanks... Now, is it any protection in place currently against > replacing Session ID (my understanding, it is kept in memory, belonging to > the session process) or against guessing Session ID (i.e. is Session ID > generated using FIPS 140-2 compliant algorithms, or anything of that sort)?
I don't think Postgres even has any concept that matches what you seem to think a Session ID is.
If you're looking for communication security/integrity checking, that's something we leave to other software such as SSL.