New Admins: Register for our new Pure Lecture Series!
Pure's logos
Pure Help Center for Pure Administrators

If you are a researcher, or other non-admin at your institution, click here.

  • Home
  • Announcements
  • Release Notes
  • Technical user guides
  • Training
  • Events
  • Support
  • Contact Us
  • Home
  • Knowledge base articles
  • Pure Core

How Can We Help?

Search Results

Filter By Category

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Contact us

Administrator > System Information > Session (Active Sessions)Administrator > System Information > Session (Active Sessions)

What

It is possible to get an overview of how many users currently are logged into Pure based on active sessions. This can be seen if you go to Administrator > System Information > Sessions. Here you can see the username, IP address, first and last request time stamps. The list can often be seen as a mix of usernames, no usernames and anonymous sessions.

Why

Sessions with usernames:

  • Active sessions are HTTP sessions
  • All active sessions are Tomcat sessions, so you'll only see sessions for the webapps deployed in that Tomcat (such as Pure backend and webservice, not the Pure Portal, as that is running in a different environment).
  • You can not see active sessions for the Pure Portal in the Pure backend.
  • Those that are showing up with a username, are users that are logged in to Pure backend or webservice.

Sessions with no usernames:

  • Users, authenticated or not, that are using the webservice, will show up as anonymous. They might not be users as such, but just authenticated through API keys.
  • The IP addresses are from sessions without a user logged in.
  • This can be: users still on the login screen, the portal or webservices.

Sessions with anonymous:

  • In general terms the "anonymous" is very likely a webservice call. 
  • Most of the anonymous sessions are from internal monitoring, other anonymous sessions could also just HTTP sessions in the portal or public accessible webservice, so these are not sessions in the Pure backend.

Note: The admin session tracker filter registers all requests before the authentication filter is called. This means that all sessions to the login page will not have a username associated. The session tracker only evaluates requests for the administration module, specifically so you can get a heads-up in case someone attempts an attack.

If you suspect an attack or breach of the system there are a number of aspects you can evaluate in order to qualify the suspicion:

  • Backtrack the source IP's you're seeing
  • Analyze the audit log for suspicious changes
  • Analyze the access logs - many requests to the login page would indicate a brute force attack

More information

Note: Some of this information is for internal use only and might not be accessible.

Published at October 24, 2023

Download
Table of Contents
  1. What
  2. Why
Related Articles
  • DataCite Metadata Store integration: how to create DOIs for datasets and research outputs
  • New Personal Overview: Person With No Content
  • Open Access Electronic File Upload Reminder
Keywords
  • user/roles/access rights
  • server/installation
  • 5.19.1

Was this article helpful?

Yes
No
Give feedback about this article

    About Pure

  • Announcements

    Additional Support

  • Events
  • Client Community
  • Training

    Need Help?

  • Contact Us
  • Submit a Support Case
  • My Cases
  • Linkedin
  • Twitter
  • Facebook
  • Youtube
Elsevier logo Relx logo

Copyright © 2025 Elsevier, except certain content provided by third parties.

  • Terms & Conditions Terms & Conditions
  • Privacy policyPrivacy policy
  • AccesibilityAccesibility
  • Cookie SettingsCookie Settings
  • Log in to Pure Help CenterLog in to Helpjuice Center

Knowledge Base Software powered by Helpjuice

Expand