Shared instances, Cookie order behavior, Shared instances cookie order behavior – HP Integrated Lights-Out 2 User Manual
Page 200
These multiple logins can confuse the browser. This confusion can appear as an iLO 2 issue;
however, this is a manifestation of typical browser behavior.
Several processes can cause a browser to open additional windows. Browser windows opened
from within an open browser represent different aspects of the same program in memory.
Consequently, each browser window shares properties with the parent, including cookies.
Shared instances
When iLO 2 opens another browser window, for example, Remote Console, Virtual Media, or
Help, this window shares the same connection to iLO 2 and the session cookie.
The iLO 2 Web server makes URL decisions based on each request received. For example, if a
request does not have access rights, it is redirected to the login page, regardless of the original
request. Web server based redirection, selecting File>New>Window or pressing the Ctrl+N keys,
opens a duplicate instance of the original browser.
Cookie order behavior
During login, the login page builds a browser session cookie that links the window to the appropriate
session in the firmware. The firmware tracks browser logins as separate sessions listed in the Active
Sessions section of the iLO 2 Status page.
For example, when User1 logs in, the Web server builds the initial frames view, with current user:
User1 in the top pane, menu items in the left pane, and page data in the lower-right pane. As
User1 clicks from link to link, only the menu items and page data are updated.
While User1 is logged in, if another user, User2, opens another browser window on the same
client and logs in, the second login overwrites the cookie generated in the original User1 session.
Assuming that User2 is a different user account, a different current frame is built, and a new session
is granted. The second session appears in the Active Sessions section of the iLO 2 Status page as
current user: User2.
The second login has effectively orphaned the first session (User1) by wiping out the cookie
generated during User1's login. This behavior is the same as closing User1's browser without
clicking the Log Out link. User1's orphaned session is reclaimed when the session timeout expires.
Because the current user frame is not refreshed unless the browser is forced to refresh the entire
page, User1 can continue navigating using his or her browser window. However, the browser is
now operating using User2's session cookie settings, even though it is not readily apparent.
If User1 continues to navigate in this mode (User1 and User2 sharing the same process because
User2 logged in and reset the session cookie), the following can occur:
•
User1's session behaves consistently with the privileges assigned to User2.
•
User1's activity keeps User2's session alive, but User1's session can time out unexpectedly.
•
Logging out of either window causes both window sessions to terminate. The next activity in
the other window can redirect the user to the login page as if a session timeout or premature
timeout occurred.
•
Clicking Log Out from the second session (User2) results in a
Logging out: unknown page to display before redirecting the user to the login page.
•
If User2 logs out then logs back in as User3, User1 assumes User3's session.
•
If User1 is at login, and User2 is logged in, User1 can alter the URL to redirect to the index
page. It appears as if User1 has accessed iLO 2 without logging in.
These behaviors continue as long as the duplicate windows are open. All activities are attributed
to the same user, using the last session cookie set.
200 Troubleshooting iLO 2