The implementation of the metric nuxeo.web.authentication.logged-users does not apparently match its semantic:
in the common case of web session timeout expiration or TOKEN_AUTH authentication, this metric is not enabling to decipher how many users are currently logged on a Nuxeo server: the metric is showing at least as many logged on users, and maybe more (which is often the case)
Except in the case of an explicit user logout, the metric is ever increasing, never decreasing.
Expected result: the metric nuxeo.web.authentication.logged-users show an accurate number of currently logged-on users
Possible improvement: The counter could be made cluster-aware or cluster-wide
Other possibility; no change in implementation but making clear what the semantics of the counter is