Session Variable Concepts

A session is initiated when you log in to the browser interface or use the CLI. A session persists until you log out or inactivity causes the session to expire. Logically, a session represents the authenticated credentials of a particular user. A session is used to identify the user throughout a series of related requests without reauthentication.

Each session can have a set of session variables that are initialized from the database when you log in. You can use session variables to preserve session-related information, such as user authentication and other credentials. You can modify the session variables in the current session without affecting the session variables that are saved in the database. If you make changes to session variables and their values, you can save them to the database. When saved, all of the variables and their values are saved and are available in future sessions. You can make session variable references when you execute plans and comparisons.

If you have initiated more than one session and try to save the session variables at the same time, only the first session to save the variables succeeds. After the first session successfully saves the session variables, the other sessions are prevented from saving changes to their session variables. To save those changes, do the following:

1. Log out of all sessions.

2. Log in again to restart a session.

   The new set of session variables and values are retrieved from the database based on the last successful save.

3. Make the changes you want to the session variables.

4. Save the changes to the session variables.

Session variables exist in a global namespace, which means that the session variable names you declare are available to all user sessions. For example, suppose that you define a session variable named passwd. Any plan that requests the passwd session variable is referring to the same variable. Session variable names are not scoped to current plans, components, blocks, or hosts. Thus, you must ensure that your session variable names are unique. For example, you might use your initials and birthday month and day, or some other identifier, to make your session variables unique.

Secure Session Variables

A session variable is made up of a name, value, and the secure flag. The session variable name has the same limits as a host-type variable name. The secure flag is a Boolean value that describes whether the value should be securely stored.

When a value is securely stored, the secure flag is set to true. The value of the session variable appears as *** and is encrypted when the variable is saved. When this value is used during plan execution, the value of this variable is obscured from plan history output, as well. Use this secure flag when the variable value is sensitive data, such as passwords. By default, session variables are created with the secure flag set to true.

If any secure variables are saved to the database, you must type your password, which is used as the encryption key. If you supply the wrong password, you are prompted for the password again.

If the password you enter is not recognized, an error is issued. This might occur if the system administrator has changed your password or your login configuration. You are given the following options:

• Reencrypt the session variables. Supply your user name, the password with which the session variables have been encrypted, and your new password.

• Flush the session variables. Delete all of the session variables that you declared. Supply your user name and your current password.

  Use this option if you forgot the password with which the session variables were encrypted.