Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-07-2021 08:56 AM
In the CLI, "show admins" will report my current CLI session.
If I also log into the Web interface, "show admins" will now show a Web session in addition to the CLI session.
After I click "logout" on the Web interface, "show admins" reveals that my Web session is now gone.
However, if I run a python script using the XML API from a remote server to retrieve the ARP table entries, and then run
"show admins", I now see a new Web session for the Admin used in the script.
Both the response and the request headers show that the connection is closed and "ss -t -a" shows no open TCP port from the client to the firewall.
Yet the Web session persists.
I tried issuing a follow-up xml api command, ?type=op&cmd=<exit></exit>, but that returns error code 17.
The "debug cli on" feature fails to reveal anything about the "logout" button on the Web interface.
Why does a Web session persist after using the XML API and is there a proper way to close it?
