16.5 Managing Active Server-Side Sessions

Session Management page provides Search controls that enable Administrators to create a query based on filter conditions, save their Search Criteria for use later, and add fields to the query form to further refine the search. The Oracle Access Management ConsoleIn the database store configuration, the session might exist in the database but not in the cache. Session searches are based on the system time stamp. The database is queried for sessions updated earlier than the time stamp (minus the write delay). The cache is queried for sessions updated later than this time stamp. Resulting data found in the cache and the database is merged. If duplicate results exist, cache data prevails. Detailed performance metrics are generated for search operations.

This section describes how to locate and delete one or more sessions for a single user, or for all users. It provides the following information:

• Session Management Controls

• Locating and Managing Active Sessions

16.5.1 Session Management Controls

The Session Management page is accessible from the Configuration section of the Oracle Access Management Console.

Figure 16-2 illustrates the Session Management page. Additional details follow the figure.

Figure 16-2 Common Configuration: Session Management Page

Description of "Figure 16-2 Common Configuration: Session Management Page"

Table 16-9 describes Session Management page and Search controls that enable you to create a query that is based on filter conditions.

Table 16-9 Session Management Controls and the Results Table

Name	Description
Delete All User Sessions ...	Choose this command button to delete the active sessions of all users. Note: A Confirmation window appears where you can confirm or decline the operation.
Saved Search	Drop down menu that lists any search criteria saved previously for reuse. The list of searches is made available whenever you save search criteria. The drop down menu also has a Personalize ... option in addition to the saved searches. If you choose Personalize, you can change the behavior of the saved search criteria by making new choices such as Set as Default or Run Automatically.
Match All Any	Enables you to match either any of the criteria you have specified or match all of the criteria you have specified during the search. Note: When a resource is protected byAnonymousScheme, it is not displayed in a session search.
User ID	Enter a specific userID in the field and then click the Search button to display all active sessions for this user. Incomplete strings and wild cards are allowed. A drop down menu includes options like Starts With, Equals, Contains and the like to assist in your search.
Client IP Address	Enter a Client IP Address and then click the Search button to display all active sessions for this user. Incomplete strings and wild cards are allowed. The same list is available to assist your Userid search and your Client IP Address.
Search	Click this button to initiate a search based on criteria in the form.
Reset	Click this button to clear the form of all criteria.
Add Fields	Displays a drop down menu from which you can select different options to add to your search form. This can include Client IP Address, ID Store, Impersonating and other options. Click the Add Fields button. Select items in the list to add them to the form and click Save. After adding an item, notice that a list is available to assist with the search.
Reorder	Displays a pop-up dialog allowing you to reorder the search fields.
View	Choose commands from the View menu above the results table to configure the table. Commands include: Columns: Displays a menu with the following options you can use to hide or display specific details in the table: Detach: Expands the results table to a full-screen view Attach: Restores the Session Management page view. Reorder Columns: Specifies a new order for columns containing session data in the results table.
Delete	Choose this command button (red X) after selecting items in the results table to delete. Note: When session search criteria is generic (using just a wild card (*), for example), there is a limitation on deleting a session from a large list of sessions. Oracle recommends that your session search criteria is fine-grained enough to obtain a relatively small set of results (ideally 20 or less). Also: A Confirmation window appears where you can confirm or decline the operation.
Detach	Click Detach to expand the results table to a full-page view. Note: If the table is already a detached full-page, click Detach to restore the Session Management page.
Results table (not named)	After searching for the active sessions of a specific user, results are displayed in the table. Details include: Session ID: A unique, OAM-generated session Id. User ID: Impersonating: Creation Time: The day and time the session was created. Last Accessed: The day and time the session was last accessed Client IP: The IP address of the specified user. ID Store Impersonator

16.5.2 Locating and Managing Active Sessions

Users with valid Administrator credentials can configure the search results table, locate the active sessions of a specific user, delete one or more sessions for a specific user, or delete all sessions for all users.

When a resource is protected by AnonymousScheme, it is not displayed in a session search.

See Also:

"Session Management Controls"

Skip any steps that do not apply to your requirements. The OAM Server must be running.

1. In the Oracle Access Management Console, click Application Security at the top of the window.

2. In the Application Security console, click Session Management.

   The Session Management Search page appears with the Username field and a results table.

3. Add Fields: From the Add Fields list, choose the desired field name (Table 16-9).

4. Choose Operators: Open the list of operators for the chosen search field, and choose the desired function.

5. Find sessions:

   1. In the desired query field, enter your criteria (with or without a wild card (*)).

   2. Click the Search button to locate sessions that match either any or all your criteria.

   3. Review the results table.

   4. Repeat if needed to further refine your search.

6. Configure the Results Table: Use functions on the View menu to create the desired results table.

7. Delete sessions:

   1. In the results table, click one or more sessions to remove.

   2. Click the Delete (x) button to delete the selected sessions.

   3. Click Yes to confirm deleting selected sessions (or click No to cancel the delete operation).

   4. Notify the user, if needed.

8. Delete sessions for all users:

   1. Click the Delete All Sessions button in the upper-right corner.

   2. Click Yes when you are asked to confirm.

9. Close the Session Management page when you finish.

10. Proceed to "Validating Server-Side Session Operations".