Creating a login session
You create a login session when you log in to the appliance through the browser. Additional requests to the appliance use the session ID, which must be protected because it represents the authenticated user. To protect the session ID, use a supported web browser when using the UI. When writing a client of the HPE OneView REST interface, the programmer must not reveal the session ID.
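One way a REST client can keep the session ID out of logs and error output, as an added example that is not HPE code. The header name Auth, the class and function names, and the sample session ID used in testing are assumptions made for illustration.

```python
import logging

# Assumption: the client sends the session ID in a request header named "Auth".
SENSITIVE_HEADERS = {"auth"}


class SessionID:
    """Holds the session ID so that printing or logging the object never shows it."""

    def __init__(self, value: str):
        self._value = value

    def reveal(self) -> str:
        # Call only at the point where the request header is built.
        return self._value

    def __repr__(self) -> str:
        return "SessionID(<redacted>)"

    __str__ = __repr__


def safe_headers(headers: dict) -> dict:
    """Return a copy of the request headers that is safe to log or attach to an error."""
    return {k: "<redacted>" if k.lower() in SENSITIVE_HEADERS else v
            for k, v in headers.items()}


class RedactSessionFilter(logging.Filter):
    """Scrubs tracked session IDs from log records as a second line of defence."""

    def __init__(self):
        super().__init__()
        self._known = set()

    def track(self, session: SessionID) -> None:
        self._known.add(session.reveal())

    def scrub(self, text: str) -> str:
        for value in self._known:
            text = text.replace(value, "<redacted>")
        return text

    def filter(self, record: logging.LogRecord) -> bool:
        # Format first, then scrub, so IDs passed as log arguments are caught too.
        record.msg = self.scrub(record.getMessage())
        record.args = None
        return True
```

Attach the filter to every handler the client configures, and call track() as soon as a session is created.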
A session remains valid until you log out or the session times out (for example, if a session is idle for a longer time than the session idle timeout value).
The default timeout value is 24 hours. To change the value on a per-session basis, use POST /rest/sessions/idle-timeout. You can change the value to 24 hours or less.
HPE OneView has set the following limits to regulate the number of active user sessions:
SESSION_CRITICAL_LIMIT
The maximum number of active user sessions, by default, is 2400. All the remote (nonkiosk) logins are blocked once the number of active user sessions reaches this limit.
SESSION_THRESHOLD_LIMIT
When the number of active user sessions reaches the default value of 80% of the SESSION_CRITICAL_LIMIT, HPE OneView displays a warning alert. The alert warns you about the approaching SESSION_CRITICAL_LIMIT of active user sessions on the appliance.
SESSION_CLIENT_LIMIT
The maximum number of active user sessions from a particular IP address by default is 960. Any further logins from the same client are blocked. You can still log in from the other IP addresses as long as the total number of active user sessions on the appliance is within the SESSION_CRITICAL_LIMIT.
The SESSION_CRITICAL_LIMIT and the SESSION_CLIENT_LIMIT values can be updated by the Infrastructure administrator. The default values for all the active user session limits are preconfigured on the appliance and they are effective once the appliance boots up.
You can use the following API to modify the SESSION_CRITICAL_LIMIT and the SESSION_CLIENT_LIMIT values.
PUT https://{appliance}/rest/session-settings