DataPower


 REST Management Interface: Sessions remaining active after asynchronous actionqueue calls

Zachary Fivgas posted Wed May 06, 2026 10:48 PM
I am currently in the process of converting several automation workflows from SOMA to the REST Management Interface. I’ve encountered an issue where certain asynchronous calls to the actionqueue leave management sessions open, which is causing downstream failures in my workflow.
The Scenario:
  1. I trigger a domain backup via a POST to /mgmt/actionqueue/{domain}.
  2. I receive the expected 200 OK response with the "pending" action status.
  3. Once the backup is complete, I successfully download the file.
  4. However, the session remains active. When I view the ActiveUsers status resource (/mgmt/status/default/ActiveUsers), the user and session ID are still listed as logged in. 
The Conflict:
Later in the same workflow, I attempt to delete the domain to reset the environment. This operation fails with an error stating the domain cannot be deleted because a user is currently logged in.
We did not experience this with SOMA, as those request/response cycles seemed to terminate the session context immediately. With the REST interface, synchronous calls (like GET config) don't seem to have this problem, but asynchronous actionqueue operations appear to keep the session "pinned."
My Questions:
  • Is there an RMI endpoint specifically for invalidating a session or logging out a user?
  • Has anyone found a way to programmatically clear active users via the REST API?
  • Are there specific headers or configurations for the rest-mgmt service that force a session to close once the initial "pending" response is delivered?
Any insights or workarounds from the community would be greatly appreciated.
John Graham

These sessions are likely being leaked because there was an error in processing the RMI request.  There is at least 1 known issue whose fix is not yet in a fix pack that matches this scenario.

You can view all sessions in the UI's Active Users page until the web-mgmt idle timeout causes the session to be deleted. The Disconnect action can also be used in the Active Users page to delete the leaked session.

If the web-mgmt idle timeout is set to 0, the leaked session will persist until it is deleted by the Disconnect action or the DataPower is reloaded.

You can also lower the web management idle timeout to make the leaked sessions be deleted sooner. The new idle timeout value will only impact sessions that are created after the value is changed. The new idle timeout value will not impact sessions that existed prior to the value being changed.

You can also show the active user sessions with RMI. A sample request would be
curl --basic -u MY_USER:MY_PASSWORD -k https://MY_DP:5554/mgmt/status/default/AllActiveUsers

You can then disconnect a user session with RMI. A sample request would be
echo '{"Disconnect":{"id": MY_SESSION_NUMBER, "connection": "rest-mgmt"}}' |curl -s --basic -k -u $MY_USER:$MY_PASSWORD --data-binary @- https://MY_DP:5554/mgmt/actionqueue/default

You might also want to look in the DP log for errors related to the original RMI requests that created the leaked sessions.
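
The two requests in the reply above, combined into one cleanup step that an automation workflow could run before deleting a domain. This is an added example, not code from the thread or from IBM. The response field names (`session`, `name`, `connection`), the environment variable names and the sample payload are assumptions, and certificate verification is kept on through a CA bundle.

```python
import base64, json, os, ssl, urllib.request

def leaked_sessions(status, user, connection="rest-mgmt", key="AllActiveUsers"):
    """Return the session IDs held by `user` on `connection`.
    Field names are assumed; confirm them against your firmware's response."""
    rows = status.get(key, [])
    if isinstance(rows, dict):  # assumed: a lone row may arrive as an object, not a list
        rows = [rows]
    return [int(r["session"]) for r in rows
            if r.get("name") == user and r.get("connection") == connection]

def disconnect_body(session_id, connection="rest-mgmt"):
    """Disconnect action body, in the shape shown in the reply above."""
    return json.dumps({"Disconnect": {"id": int(session_id), "connection": connection}})

def rmi(base, path, user, password, cafile, body=None):
    """One RMI call with basic auth; a body turns the request into a POST."""
    req = urllib.request.Request(base + path, data=body.encode() if body else None)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    ctx = ssl.create_default_context(cafile=cafile)  # verify the appliance certificate
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.load(resp)

# Constructed sample of a status response, used only to exercise the filter offline.
SAMPLE = {"AllActiveUsers": [
    {"session": 41, "name": "automation", "connection": "rest-mgmt", "domain": "default"},
    {"session": 44, "name": "admin", "connection": "web-gui", "domain": "default"},
    {"session": 57, "name": "automation", "connection": "rest-mgmt", "domain": "default"},
]}

if __name__ == "__main__":
    # Hypothetical variable names; DP_URL would look like https://MY_DP:5554
    base, user = os.environ["DP_URL"], os.environ["DP_USER"]
    password, cafile = os.environ["DP_PASSWORD"], os.environ["DP_CA_FILE"]
    status = rmi(base, "/mgmt/status/default/AllActiveUsers", user, password, cafile)
    # Only this account's rest-mgmt sessions are touched; other users stay logged in.
    # Any other job running under the same account would be disconnected as well.
    for sid in leaked_sessions(status, user):
        result = rmi(base, "/mgmt/actionqueue/default", user, password, cafile,
                     disconnect_body(sid))
        print(sid, json.dumps(result))
```
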