- ECLWatch needs to support sessions via HTTPS.
- Users must log in (if authentication is enabled), and ECLWatch must then retain the session token for that user. The token is provided with all subsequent requests instead of credentials.
- A new log out button must be added. ECLWatch must query ESP for session status, and will display an "You are about to be logged out" notification and must handle cases where the session is closed on the back end by a time out or admin action ("You have been logged out").
- Sessions must be supported whenever authentication is enabled, whether LDAP, HTPASSWD or other pluggable security manager
- New screens will include a login and a user's Session Metrics screen (how long active, how long till timeout, etc).
- Optionally, an Admin screen that enumerates all active sessions and relevant metrics, along with a button to log a user out
Optionally we should implement a "Take me to this page on login" feature.