A session is a set of related connections between a user and a host. A session may include a set of credentials which define the permissions granted to the user on the host for the duration of the session.
A user initiates a session by requesting access to a target. If a user has the proper permissions, a session is created and the expiration time and connection limit are set based on the target's attributes. If the target is associated with credential libraries, credentials are retrieved and returned from each credential library. A snapshot of the data relevant to authorizing the session is also captured and stored in the Boundary data warehouse when the session is created.
Sessions are created in the project of the corresponding target. Deleting a project will terminate all of the active sessions in the project but will not effect any session data in the data warehouse. Historical data in the data warehouse is never deleted.
A session is forcefully terminated when one of the following occurs:
The session reaches the time limit and expires.
An authorized user manually cancels the session.
Any resource associated with the session is deleted or removed from the target. This includes: the host, the host set, the host catalog, a credential, a credential library, a credential store, the target itself, the project, the organization, the user, the user's account, or the account's authentication method.
In addition to the above, a session terminates non-forcefully when the user closes all connections and no additional connections are allowed because of a connection limit.
Any credentials associated with the session are revoked when the session is terminated.
Permissions are only evaluated at session establishment. Changes to a user's permissions do not effect existing sessions.
The following services are relevant to this resource:
Refer to the Manage Sessions with HCP Boundary tutorial to learn how to start, view, and cancel a session.