Topics

The console command "Tell HTTP Show Users" may be used for tracking user sessions. Servers participating in single sign-on, configured for multi-server session-based authentication may not report sessions accurately using this command after a logout, when the logout doesn't occur on an SSO participating server.

If a browser's cookie was created on a server (Server A), this command will display the user name, IP address, and cookie expiration time for that web server. If the browser then uses the cookie to authenticate with another server (Server B), tell http show users, will display this user session on Server B.

However, if the browser performs a db.nsf?logout url command on any server, whether the cookie originated on that server or not, that server will not display the user session after this command is issued. If the logout occurred on Server B, for example, Server A will display the session as still active until it expires, but the cookie has been invalidated and the browser will be re-prompted for authentication if it tries to access Server A.