---
title: SessionInfoFilter
description: Calls the AM endpoint for session information, and makes the data available as a new context to downstream PingGateway filters and handlers. Learn more in SessionInfoContext.
component: pinggateway
version: 2026
page_id: pinggateway:reference:SessionInfoFilter
canonical_url: https://docs.pingidentity.com/pinggateway/2026/reference/SessionInfoFilter.html
revdate: 2026-01-15
section_ids:
  websocket_notifications_for_sessions: WebSocket notifications for sessions
  SessionInfoFilter-usage: Usage
  SessionInfoFilter-properties: Properties
  SessionInfoFilter-example: Examples
  SessionInfoFilter-moreinfo: More information
---

# SessionInfoFilter

Calls the AM endpoint for session information, and makes the data available as a new context to downstream PingGateway filters and handlers. Learn more in [SessionInfoContext](SessionInfoContext.html).

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | When using a SessionInfoFilter with a [CrossDomainSingleSignOnFilter](CrossDomainSingleSignOnFilter.html) (CDSSO filter) or [SingleSignOnFilter](SingleSignOnFilter.html) (SSO filter):- Include the SessionInfoFilter *after* the CDSSO or SSO filter in the chain.

- Do *not* use the raw CDSSO or SSO token in the SessionInfoFilter configuration. Use the token the CDSSO or SSO filter adds to the context, such as `${contexts.ssoToken.value}`. |

## WebSocket notifications for sessions

When WebSocket notifications are set up for sessions, PingGateway receives a notification from AM when a user logs out of AM, or when the AM session is modified, closed, or times out. PingGateway then evicts entries that are related to the event from the `sessionCache`.

For information about setting up WebSocket notifications, using them to clear the session cache, and including them in the server logs, refer to [WebSocket notifications](../maintenance-guide/tuning.html#amservice-websocket).

## Usage

```json
{
  "name": string,
  "type": "SessionInfoFilter",
  "config": {
    "amService": AmService reference,
    "ssoToken": runtime expression<string>
  }
}
```

## Properties

* `"amService"`: *AmService [reference](preface.html#definition-reference), required*

  The [AmService](AmService.html) object to use for communication with AM.

  The following `sessionProperties`, are retrieved from AM:

  * When `sessionProperties` in AmService is configured, listed session properties with a value.

  * When `sessionProperties` in AmService isn't configured, all session properties with a value.

  * Properties with a value that are required by PingGateway but not specified by `sessionProperties` in AmService. For example, when the session cache is enabled, session properties related to the cache are automatically retrieved.

  Properties with a value are returned, properties with a null value aren't returned.

* `"ssoToken"`: *runtime expression<[string](preface.html#definition-string)>, optional*

  Location of the AM SSO or CDSSO token.

  This property can take the following values:

  * `${contexts.ssoToken.value}`, when the SingleSignOnFilter is used for authentication

  * `${contexts.ssoToken.value}` or `${contexts.cdsso.token}`, when the CrossDomainSingleSignOnFilter is used for authentication

  * `${request.headers['mySsoToken'][0]}`, where the SSO or CDSSO token is the first value of the `mySsoToken` header in the request.

  Default: `${request.cookies['AmService-ssoTokenHeader'][0].value}`, where `AmService-ssoTokenHeader` is the name of the header or cookie where the AmService expects to find SSO or CDSSO tokens.

## Examples

You can find an example that uses this filter in [Retrieve a Username From the sessionInfo Context](../gateway-guide/data-downstream.html#UserProfileFilter-retrieve-username-sessinfo).

## More information

[org.forgerock.openig.openam.SessionInfoFilter](../_attachments/apidocs/org/forgerock/openig/openam/SessionInfoFilter.html)

[org.forgerock.openig.openam.SessionInfoContext](../_attachments/apidocs/org/forgerock/openig/openam/SessionInfoContext.html)

[SessionInfoContext](SessionInfoContext.html)

AM's [Authorization](https://docs.pingidentity.com/pingam/8.1/am-authorization/) documentation