I believe I have determined what was causing the accumulation of REST API sessions. The user was accessing the AWI from a web browser running in a virtual machine. When he had finished work for the day, he simply closed the session to the VM. After a while with no activity, the VM quit running apps and logged the user out. Each time this happened, a defunct REST API session was left in the
Connections list. Over the course of several weeks, the number grew to more than 20.
There is one piece of evidence that might contradict the above theory. The
Last seen date & time was identical for all of the
REST API connections for this user. Perhaps this is normal, and the field shows the last time that the user was seen on the system
at all, or the last time the user connected using the REST API. If however the
Last seen field is meant to show the date any time that
the particular connection was last active, my above explanation for the accumulated connections cannot be correct.
Assuming though that my understanding is correct, the way REST API sessions persist in the
Connections list seems suboptimal. I can see the value in showing transient user sessions for a short time after they have been closed, but I do not see the value in showing tens of long-defunct connections from the same user.
My suggestion: duplicate REST API sessions for the same user should be automatically pruned after a day or two. Leave one in the list, but remove all the others. Can anyone point out reasons why my idea would not work, or why the existing behavior is preferable? If not, I will submit the proposal to the
Ideas page.
Thanks to all who provided information about how the
Connections list works.
Original Message:
Sent: Jan 26, 2022 10:34 AM
From: Michael Lowry
Subject: Many 'REST API' connections listed for the same user
We've recently noticed that one particular user often has many REST API connections listed in the AWI. The user says he's not accessing the REST API directly, so we assume all of these connections are being initiated by the user's AWI sessions.
We would like to learn more about the connections listed in the Connections view of the Administration perspective. It was my understanding that REST API calls did not involve the establishment and maintenance of persistent sessions. Does this list include sessions that are no longer active? What circumstances could lead to a single user's having tens of REST API connections listed?