18
listed on the Session List page.
For example, when User1 logs in, the web server builds the initial frames view, with User1 listed
as the active user, menu items in the navigation pane, and page data in the right pane. When
User1 clicks from link to link, only the menu items and page data are updated.
While User1 is logged in, if User2 opens a browser window on the same client and logs in, the
second login overwrites the cookie generated in the User1 session. Assuming that User2 is a
different user account, a different current frame is built, and a new session is granted. The
second session appears on the Session List page as User2.
The second login has effectively orphaned the first session by overriding the cookie generated
during the User1 login. This behavior is the same as closing the User1 browser without clicking
the Log Out button. The User1 orphaned session is reclaimed when the session timeout expires.
Because the current user frame is not refreshed unless the browser is forced to refresh the entire
page, User1 can continue navigating by using the browser window. However, the browser is now
operating by using the User2 session cookie settings, even though it might not be readily
apparent.
If User1 continues to navigate in this mode (User1 and User2 sharing a process because User2
logged in and reset the session cookie), the following might occur:
•
User1 session behaves consistently with the privileges assigned to User2.
•
User1 activity keeps User2 session alive, but User1 session can time out unexpectedly.
•
Logging out of either window causes both sessions to end. The next activity in the other
window can redirect the user to the login page as if a session timeout or premature timeout
occurred.
•
Clicking Log Out from the second session (User2) results in the following warning message:
Logging out: unknown page to display before redirecting the user to the
login page.
•
If User2 logs out and then logs back in as User3, User1 assumes the User3 session.
•
If User1 is at login, and User2 is logged in, User1 can alter the URL to redirect to the index
page. It appears as if User1 has accessed iLO without logging in.
These behaviors continue as long as the duplicate windows are open. All activities are attributed
to the same user, using the last session cookie set.
Displaying the current session cookie
After logging in, you can force the browser to display the current session cookie by entering the
following in the URL navigation bar:
javascript:alert(document.cookie)
The first field visible is the session ID. If the session ID is the same among the different browser
Summary of Contents for iLO 5
Page 6: ......
Page 27: ...21 ...
Page 67: ...61 ...
Page 117: ...111 Installing license keys iLO Federation group IMPORTANT Do not use this function ...
Page 140: ...134 More Information Configuring iLO access options ...
Page 258: ...252 5 The security message is displayed at the next login ...
Page 314: ...308 Reset iLO ...
Page 334: ......