Creating a login session

You create a login session when you log in to the appliance through the browser. Additional requests to the appliance use the session ID, which must be protected because it represents the authenticated user. To protect the session ID, use a supported web browser when using the UI. When writing a client of the HPE OneView REST interface, the programmer must not reveal the session ID.

A session remains valid until you log out or the session times out (for example, if a session is idle for a longer time than the session idle timeout value).

The default timeout value is 24 hours. To change the value on a per-session basis, use POST /rest/sessions/idle-timeout. You can change the value to 24 hours or less.

HPE OneView has set the following limits to regulate the number of active user sessions:

  • SESSION_CRITICAL_LIMIT

    The maximum number of active user sessions, by default, is 2400. All the remote (nonkiosk) logins are blocked once the number of active user sessions reaches this limit.

  • SESSION_THRESHOLD_LIMIT

    When the number of active user sessions reaches the default value of 80% of the SESSION_CRITICAL_LIMIT, HPE OneView displays a warning alert. The alert warns you about the approaching SESSION_CRITICAL_LIMIT of active user sessions on the appliance.

  • SESSION_CLIENT_LIMIT

    The maximum number of active user sessions from a particular IP address by default is 960. Any further logins from the same client are blocked. You can still log in from the other IP addresses as long as the total number of active user sessions on the appliance is within the SESSION_CRITICAL_LIMIT

NOTE:

The SESSION_CRITICAL_LIMIT and the SESSION_CLIENT_LIMIT values can be updated by the Infrastructure administrator. The default values for all the active user session limits are preconfigured on the appliance and they are effective once the appliance boots up.

You can use the following API to modify the SESSION_CRITICAL_LIMIT and the SESSION_CLIENT_LIMIT values.

PUT https://{appliance}/rest/session-settings