Communication over HTTP consists of client requests and server responses (also called exchanges). Unlike in other protocols, for example SSH, these request-response pairs do not form a well-defined, continuous connection. Therefore, One Identity Safeguard for Privileged Sessions (SPS) assumes that an HTTP request-response pair belongs to a specific session if the following points are true:
- The IP address of the client is the same
- The hostname of the target server (not the IP address) is the same
- The username is the same (if the user has performed inband authentication)
- The time elapsed since the last request-response pair between the same client and server is less than the session timeout value (15 minutes by default).
- The first session cookie SPS finds within the request is the same. Note that the cookie must be listed in the Session Cookie Settings option. For details, see Creating and editing protocol-level HTTP settings.
SPS creates a separate audit trail and records the accessed URLs for every session. These are displayed on the Sessions page. If any of the columns is not visible, click Customize columns....
For technical reasons, in authenticated sessions the login page where the user provides the credentials is not part of the session associated with the username. This means that even if the login page is the first that the user visits, SPS will record two sessions: the first does not include a username, the second one does. These two sessions are visible on the Pending Connections > Active Connections page (until the unauthenticated session times out).
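The grouping rules above, including the separate session for the login page, can be modeled as follows. This is an added sketch, not SPS code: the record fields, the `JSESSIONID` cookie name, the sample exchanges, and the choice to measure the timeout per session key and to treat a missing username as its own value are all assumptions.

```python
from datetime import datetime, timedelta

SESSION_TIMEOUT = timedelta(minutes=15)  # default session timeout stated above
SESSION_COOKIES = {"JSESSIONID"}         # assumed Session Cookie Settings entry

def first_session_cookie(cookies):
    """First (name, value) in request order whose name is a configured cookie."""
    return next(((n, v) for n, v in cookies if n in SESSION_COOKIES), None)

def assign_sessions(exchanges):
    """Return one session number per exchange; exchanges must be in time order."""
    last_seen = {}   # session key -> (session number, time of last exchange)
    numbers, next_number = [], 1
    for ex in exchanges:
        # user is None before inband authentication, so the login page gets
        # a different key than the authenticated requests that follow it.
        key = (ex["client_ip"], ex["host"], ex["user"],
               first_session_cookie(ex["cookies"]))
        prev = last_seen.get(key)
        # Assumption: the timeout is measured per session key.
        if prev and ex["time"] - prev[1] < SESSION_TIMEOUT:
            number = prev[0]
        else:
            number, next_number = next_number, next_number + 1
        last_seen[key] = (number, ex["time"])
        numbers.append(number)
    return numbers

T0 = datetime(2024, 1, 1, 9, 0)

def ex(minute, ip, user, cookies):
    """Build one constructed exchange record (hypothetical field names)."""
    return {"time": T0 + timedelta(minutes=minute), "client_ip": ip,
            "host": "app.example.com", "user": user, "cookies": cookies}

# Constructed sample traffic, not captured from a real deployment.
SAMPLE = [
    ex(0, "10.0.0.5", None, []),                           # login page
    ex(1, "10.0.0.5", "alice", [("JSESSIONID", "a1")]),
    ex(5, "10.0.0.5", "alice", [("theme", "dark"), ("JSESSIONID", "a1")]),
    ex(25, "10.0.0.5", "alice", [("JSESSIONID", "a1")]),   # idle for 20 minutes
    ex(26, "10.0.0.9", "alice", [("JSESSIONID", "a1")]),   # different client IP
    ex(27, "10.0.0.5", "alice", [("JSESSIONID", "b2")]),   # different cookie value
]

if __name__ == "__main__":
    print(assign_sessions(SAMPLE))
```

When reviewing audit trails, the same user activity can therefore appear under several session entries; correlating on client IP, target hostname and username across adjacent entries reconstructs the full timeline.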