diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
index 27b7f4723..c423885fd 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
@@ -83,6 +83,7 @@ public class ActiveConnectionService
     public Collection<TrackedActiveConnection> retrieveObjects(AuthenticatedUser user,
             Collection<String> identifiers) throws GuacamoleException {
 
+        boolean isAdmin = user.getUser().isAdministrator();
         Set<String> identifierSet = new HashSet<String>(identifiers);
 
         // Retrieve all visible connections (permissions enforced by tunnel service)
@@ -95,7 +96,7 @@ public class ActiveConnectionService
             // Add connection if within requested identifiers
             if (identifierSet.contains(record.getUUID().toString())) {
                 TrackedActiveConnection activeConnection = trackedActiveConnectionProvider.get();
-                activeConnection.init(user, record);
+                activeConnection.init(user, record, isAdmin);
                 activeConnections.add(activeConnection);
             }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/TrackedActiveConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/TrackedActiveConnection.java
index 8dc00fe27..f9e6ed30b 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/TrackedActiveConnection.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/TrackedActiveConnection.java
@@ -69,26 +69,40 @@ public class TrackedActiveConnection extends RestrictedObject implements ActiveC
 
     /**
      * Initializes this TrackedActiveConnection, copying the data associated
-     * with the given active connection record.
+     * with the given active connection record. At a minimum, the identifier
+     * of this active connection will be set, the start date, and the
+     * identifier of the associated connection will be copied. If requested,
+     * sensitive information like the associated username will be copied, as
+     * well.
      *
      * @param currentUser
      *     The user that created or retrieved this object.
      *
      * @param activeConnectionRecord
      *     The active connection record to copy.
+     *
+     * @param includeSensitiveInformation
+     *     Whether sensitive data should be copied from the connection record
+     *     as well. This includes the remote host, associated tunnel, and
+     *     username.
      */
     public void init(AuthenticatedUser currentUser,
-            ActiveConnectionRecord activeConnectionRecord) {
+            ActiveConnectionRecord activeConnectionRecord,
+            boolean includeSensitiveInformation) {
 
         super.init(currentUser);
         
-        // Copy all data from given record
+        // Copy all non-sensitive data from given record
         this.connectionIdentifier = activeConnectionRecord.getConnection().getIdentifier();
         this.identifier           = activeConnectionRecord.getUUID().toString();
-        this.remoteHost           = activeConnectionRecord.getRemoteHost();
         this.startDate            = activeConnectionRecord.getStartDate();
-        this.tunnel               = activeConnectionRecord.getTunnel();
-        this.username             = activeConnectionRecord.getUsername();
+
+        // Include sensitive data, too, if requested
+        if (includeSensitiveInformation) {
+            this.remoteHost = activeConnectionRecord.getRemoteHost();
+            this.tunnel     = activeConnectionRecord.getTunnel();
+            this.username   = activeConnectionRecord.getUsername();
+        }
 
     }
 
diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ActiveConnection.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ActiveConnection.java
index 8258e59db..1d20ded1d 100644
--- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ActiveConnection.java
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ActiveConnection.java
@@ -34,7 +34,9 @@ import org.glyptodon.guacamole.net.GuacamoleTunnel;
 public interface ActiveConnection extends Identifiable {
 
     /**
-     * Returns the identifier of the connection being actively used.
+     * Returns the identifier of the connection being actively used. Unlike the
+     * other information stored in this object, the connection identifier must
+     * be present and MAY NOT be null.
      *
      * @return
      *     The identifier of the connection being actively used.
@@ -53,7 +55,8 @@ public interface ActiveConnection extends Identifiable {
      * Returns the date and time the connection began.
      *
      * @return
-     *     The date and time the connection began.
+     *     The date and time the connection began, or null if this
+     *     information is not available.
      */
     Date getStartDate();
 
@@ -61,7 +64,8 @@ public interface ActiveConnection extends Identifiable {
      * Sets the date and time the connection began.
      *
      * @param startDate 
-     *     The date and time the connection began.
+     *     The date and time the connection began, or null if this
+     *     information is not available.
      */
     void setStartDate(Date startDate);
 
@@ -90,7 +94,8 @@ public interface ActiveConnection extends Identifiable {
      * Returns the name of the user who is using this connection.
      *
      * @return
-     *     The name of the user who is using this connection.
+     *     The name of the user who is using this connection, or null if this
+     *     information is not available.
      */
     String getUsername();
 
@@ -98,7 +103,8 @@ public interface ActiveConnection extends Identifiable {
      * Sets the name of the user who is using this connection.
      *
      * @param username 
-     *     The name of the user who is using this connection.
+     *     The name of the user who is using this connection, or null if this
+     *     information is not available.
      */
     void setUsername(String username);
 
diff --git a/guacamole/src/main/webapp/app/rest/types/ActiveConnection.js b/guacamole/src/main/webapp/app/rest/types/ActiveConnection.js
index b51e26245..d44b27d31 100644
--- a/guacamole/src/main/webapp/app/rest/types/ActiveConnection.js
+++ b/guacamole/src/main/webapp/app/rest/types/ActiveConnection.js
@@ -59,7 +59,7 @@ angular.module('rest').factory('ActiveConnection', [function defineActiveConnect
 
         /**
          * The time that the connection began, in seconds since
-         * 1970-01-01 00:00:00 UTC.
+         * 1970-01-01 00:00:00 UTC, if known.
          *
          * @type Number 
          */
@@ -73,7 +73,7 @@ angular.module('rest').factory('ActiveConnection', [function defineActiveConnect
         this.remoteHost = template.remoteHost;
 
         /**
-         * The username of the user associated with the connection.
+         * The username of the user associated with the connection, if known.
          * 
          * @type String
          */