HP ProLiant Gen8 Troubleshooting Guide Volume II: Error Messages

ManualsBrandsHP ManualsServerHP ProLiant ML350p Gen8 Server

241

242

243

244

245

246

247

248

249

250

HP iLO errors 249

Cookie order behavior

During login, the login page builds a browser session cookie that links the window to the appropriate session

in the firmware. The firmware tracks browser logins as separate sessions listed in the Active Sessions section

of the iLO Status page.

For example, when User1 logs in, the Web server builds the initial frames view, with current user: User1 in

the top pane, menu items in the left pane, and page data in the lower-right pane. As User1 clicks from link

to link, only the menu items and page data are updated.

While User1 is logged in, if another user, User2, opens another browser window on the same client and logs

in, the second login overwrites the cookie generated in the original User1 session. Assuming that User2 is a

different user account, a different current frame is built, and a new session is granted. The second session

appears in the Active Sessions section of the iLO Status page as current user: User2.

The second login has effectively orphaned the first session (User1) by wiping out the cookie generated during

the User1 login. This behavior is the same as closing the User1 browser without clicking the Log Out link.

User1 orphaned session is reclaimed when the session timeout expires.

Because the current user frame is not refreshed unless the browser is forced to refresh the entire page, User1

can continue navigating using his or her browser window. However, the browser is now operating using the

User2 session cookie settings, even though it is not readily apparent.

If User1 continues to navigate in this mode (User1 and User2 sharing the same process because User2

logged in and reset the session cookie), the following can occur:

• User1 session behaves consistently with the privileges assigned to User2.

• User1 activity keeps User2 session alive, but User1 session can time out unexpectedly.

• Logging out of either window causes both window sessions to terminate. The next activity in the other

window can redirect the user to the login page as if a session timeout or premature timeout occurred.

• Clicking Log Out from the second session (User2) results in the following message:

Logging out: unknown page to display before redirecting the user to the login

page.

• If User2 logs out then logs back in as User3, User1 assumes the User3 session.

• If User1 is at login, and User2 is logged in, User1 can alter the URL to redirect to the index page. It

appears as if User1 has accessed iLO without logging in.

These behaviors continue as long as the duplicate windows are open. All activities are attributed to the same

user, using the last session cookie set.

Displaying the current session cookie

After logging in, you can force the browser to display the current session cookie by entering

javascript:alert(document.cookie) in the URL navigation bar. The first field visible is the session

ID. If the session ID is the same among the different browser windows, then these windows are sharing the

same iLO session.

You can force the browser to refresh and reveal your true identity by pressing the F5 key, selecting

View>Refresh, or clicking the refresh button.

Preventing cookie-related user issues

To prevent cookie-based behavioral issues: