Community Articles

Find and share helpful community-sourced technical articles.
Welcome to the upgraded Community! Read this blog to see What’s New!
Labels (1)
Super Mentor

- Ambari manages it's Http Session information's using "AMBARISESSIONID". So if we want to logout the logged in user then we will need to find out it's "AMBARISESSIONID" cookie value. We can get it using browser debug tools like for Google chrome we can use Menu -> More Tools --> Developer Tools


The we can go to the "Network" tab of the developer tool and then on the right hand side we should see the Cookies and other request headers.


Here i have found that the value for the "AMBARISESSIONID" Http Session Cookie is "1t4o6q0ph8j23etnl3e6ig5b3" hence now we can simply make a curl call as following in order to get this user logged out:

$ curl -u admin:admin -i -H 'X-Requested-By:ambari' -H "Cookie: AMBARISESSIONID=1t4o6q0ph8j23etnl3e6ig5b3" -X GET

HTTP/1.1 200 OK
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
User: admin
Content-Type: text/plain
Content-Length: 0
Server: Jetty(8.1.19.v20160209)

- As soon as the above curl command is executed we will see that the user is logged out from the ambari UI on the browser.


We can also enable the Http Session logging in the ambari server log by editing the file "/etc/ambari-server/conf/" and adding the following line at the end.

Now When we will restart ambari server then we can see that the logged in users sessions are printed there:

07 Feb 2017 05:21:20,283 DEBUG [ambari-client-thread-29] session:275 - Got Session ID 1t4o6q0ph8j23etnl3e6ig5b3 from cookie

With the above approach we can get all the active Session IDs and can force logout them all. However enabling DEBUG logging will causes excessive log event generation so we need to be careful there.

Version history
Last update:
‎08-17-2019 05:03 AM
Updated by: