HP Integrated Lights-Out User Manual page 179

logins can confuse the browser. This confusion can appear as an iLO issue is a manifestation of typical
browser behavior.
Several processes can cause a browser to open additional windows. Browser windows opened from
within an open browser represent different aspects of the same program in memory. Consequently, each
browser window shares properties with the parent, including cookies.
Shared instances
When iLO opens another browser window, for example, Remote Console, Virtual Media, or Help, this
window shares the same connection to iLO and the session cookie.
The iLO Web server makes URL decisions based on each request received. For example, if a request does
not have access rights, it is redirected to the login page, regardless of the original request. Web server
based redirection, selecting File>New>Window or pressing the Ctrl+N keys, opens a duplicate instance of
the original browser.
Cookie order behavior
During login, the login page builds a browser session cookie that links the window to the appropriate
session in the firmware. The firmware tracks browser logins as separate sessions listed in the Active
Sessions section of the iLO Status page.
For example, when User1 logs in, the Web server builds the initial frames view, with current user: User1
in the top pane, menu items in the left pane, and page data in the lower-right pane. As User1 clicks from
link to link, only the menu items and page data are updated.
While User1 is logged in, if another user, User2, opens another browser window on the same client and
logs in, the second login overwrites the cookie generated in the original User1 session. Assuming that
User2 is a different user account, a different current frame is built, and a new session is granted. The
second session is displayed in the Active Sessions section of the iLO Status page as current user: User2.
The second login has effectively orphaned the first session (User1) by wiping out the cookie generated
during User1's login. This behavior is the same as closing User1's browser without clicking the Log Out
link. User1's orphaned session is reclaimed when the session timeout expires.
Because the current user frame is not refreshed unless the browser is forced to refresh the entire page,
User1 can continue navigating using his or her browser window. However, the browser is now operating
using User2's session cookie settings, even though it is not readily apparent.
If User1 continues to navigate in this mode (User1 and User2 sharing the same process because User2
logged in and reset the session cookie), the following can occur:
User1's session behaves consistently with the privileges assigned to User2.
User1's activity keeps User2's session alive, but User1's session can time out unexpectedly.
Logging out of either window causes both window sessions to terminate. The next activity in the
other window can redirect the user to the login page as if a session timeout or premature timeout
occurred.
Clicking Log Out from the second session (User2) results in a Logging out:
to display before redirecting the user to the login page.
If User2 logs out then logs back in as User3, User1 assumes User3's session.
If User1 is at login, and User2 is logged in, User1 can alter the URL to redirect to the index page. It
appears as if User1 has accessed iLO without logging in.
unknown page
Troubleshooting iLO 179