16.6 Validating Server-Side Session Operations

You can verify your configured session lifecycle operations.

  1. Authenticate:

    1. Access a resource from a browser using a credential other than your Administrative credential.

    2. Verify that the session exists, as described in "Locating and Managing Active Sessions".

  2. Multiple Sessions:

    1. From a second browser (with cookies removed), access the same resource.

    2. Verify that two sessions exist.

  3. Delete all sessions, (Step 7 of "Locating and Managing Active Sessions") and confirm that the Active sessions are removed.

  4. Re-authentication Verification:

    1. From the second browser (Step 2), access a different resource to confirm that you must re-authenticate.

    2. Enter credentials for the resource.

    3. Verify that a session was created.

  5. Database Verification:

    1. Delete all sessions.

    2. Connect to the database and run the following query:

      SQL> select * from oam_session
    3. Confirm that you see the following results:

      no row selected
    4. From the second browser, access a different resource.

    5. Connect to the database and run the following query

      SQL> select * from oam_session
    6. Confirm that you see one row of data:

      1 rows selected
    7. Select rows from OAM_SESSION_ATTRIBUTES and confirm that data exists for the user.