HP Integrated Lights-Out Security, 7th edition
9
Figure 4. Flowchart showing how the browser generates the login cookie used for authentication (iLO and
iLO 2)
The cookie is stored in the memory of the client machine while you have the browser session open.
Any open browser session may preserve a cookie, including a “spawned” browser session such as
the remote console window. The client browser never writes the cookie to its disk drive. Only the
client session that generated the cookie can access it. The browser destroys the cookie when you
close the browser or log out of iLO. Therefore, you should close all browser instances to guarantee
that the browser destroys the cookie.
After creating the cookie, the browser returns it to iLO with a request for a status page. iLO looks up
the assigned user privileges through a generic login interface (API) to centralize the login functionality
and to abstract the local and directory user accounts.
The common login API authenticates first against the directory, and then against local user accounts
(Figure 5).