16.6 Validating Server-Side Session Operations

You can verify your configured session lifecycle operations.

1. Authenticate:

   1. Access a resource from a browser using a credential other than your Administrative credential.

   2. Verify that the session exists, as described in "Locating and Managing Active Sessions".

2. Multiple Sessions:

   1. From a second browser (with cookies removed), access the same resource.

   2. Verify that two sessions exist.

3. Delete all sessions, (Step 7 of "Locating and Managing Active Sessions") and confirm that the Active sessions are removed.

4. Re-authentication Verification:

   1. From the second browser (Step 2), access a different resource to confirm that you must re-authenticate.

   2. Enter credentials for the resource.

   3. Verify that a session was created.

5. Database Verification:

   1. Delete all sessions.

   2. Connect to the database and run the following query:

      SQL> select * from oam_session
      

   3. Confirm that you see the following results:

      no row selected
      

   4. From the second browser, access a different resource.

   5. Connect to the database and run the following query

      SQL> select * from oam_session
      

   6. Confirm that you see one row of data:

      1 rows selected
      

   7. Select rows from OAM_SESSION_ATTRIBUTES and confirm that data exists for the user.