Hi All, I am in favor of not allowing the user to proceed with the current session. That is because old sessions could have unsaved data. There is no harm in stopping the creation of new session.
thanks, Dimuthu On Mon, Apr 2, 2018 at 12:09 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote: > Hi Dimuth/Vihanga, > I think we need to get the minimal solution implemented and demonstrated > first. The minimal product would, > > 1. Close the oldest session, when the session count exceeds maximum > allowed count. No need to provide a UI to the user. > 2. Log the above case in separate identifiable log in IS side. > > The reason is, identifying the multiple sessions and allowing this to be > handled is a major feature itself, and there are number of technical > hurdles to overcome. > > At a later phase, we can add the feedback UI for the user, allow him to > select which sessions to close, etc. This is again a major feature. Because > the UI needs to display a lot of information about the session (Device, IP, > Time, Browser, etc), which we do not capture as of now. > > Cheers, > Ruwan > > > > On Mon, Apr 2, 2018 at 5:53 AM, Vihanga Liyanage <viha...@wso2.com> wrote: > >> Hi Dimuth, >> >> I'm not sure I understand your approach. In the first phase of the >> project, if a user request for a new session, you will just close the >> existing session and create a new one, without letting the user know. Is >> that correct? >> >> On Mon, Apr 2, 2018 at 10:41 AM, Dimuth Menikgama <dim...@wso2.com> >> wrote: >> >>> Hi Vihanga, >>> >>> AFAIU you are suggesting an improvement to first solution suggested. >>> Instead of closing the existing session at once, you are suggesting to >>> notify the user and get the approval before closing. >>> >>> This can be added to second phase of this project. In the second phase, >>> we hope to add functionality to prompt the user with active session >>> information (meta data such as device, session start time etc ) and let >>> user to select what session to close. >>> >>> Regards, >>> Dimuth Menikgama >>> >>> >>> On Mon, Apr 2, 2018 at 10:02 AM, Dimuth Menikgama <dim...@wso2.com> >>> wrote: >>> >>>> Hi Denuwanthi, >>>> >>>> Currently we have decided to implement this as a conditional >>>> authentication function. Admin user can use this function to get the number >>>> of active sessions and can create a condition with the limit he wants. If >>>> the admin user does not use this function, no conditions will be tested >>>> based on session count. So the user can create unlimited number of sessions >>>> without any problem. >>>> >>>> Regards, >>>> Dimuth Menikgama. >>>> >>>> On Sat, Mar 31, 2018 at 3:24 PM, Vihanga Liyanage <viha...@wso2.com> >>>> wrote: >>>> >>>>> Hi Dimuth, >>>>> >>>>> >>>>>>> - >>>>>>> >>>>>>> What is the best way to handle new session request when maximum >>>>>>> allowed session limit is 1? >>>>>>> - >>>>>>> >>>>>>> If there is a session, close that session and create a new >>>>>>> session. >>>>>>> - >>>>>>> >>>>>>> Notify the user about the existing session and ask to end >>>>>>> that manually if he want to create a new session. >>>>>>> >>>>>>> >>>>> IMHO, I think both of these proposed methods are not suitable. Instead >>>>> what if we notify the user about the limitation on active sessions and ask >>>>> for the consent to close the existing session from our end? Closing the >>>>> session manually by the user could be a hassle for him especially if it >>>>> was >>>>> another device. We can just invalidate the session from our end without >>>>> much effort. WDYT? >>>>> >>>>> Thanks, >>>>> Vihanga. >>>>> >>>>> -- >>>>> >>>>> Vihanga Liyanage >>>>> >>>>> Software Engineer | WS*O₂* Inc. >>>>> >>>>> M : +*94710124103 <071%20012%204103>* | http://wso2.com >>>>> >>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Dimuth Menikgama* >>>> >>>> *Software Engineer* >>>> *WSO2* >>>> >>>> >>>> *Mobile : + 94 702337977 >>>> <%2B%2094%2011%202145345%20%C2%A0Ext.%205737>* >>>> >>>> * <%2B%2094%2011%202145300>* >>>> >>> >>> >>> >>> -- >>> >>> *Dimuth Menikgama* >>> >>> *Software Engineer* >>> *WSO2* >>> >>> >>> *Mobile : + 94 702337977 >>> <%2B%2094%2011%202145345%20%C2%A0Ext.%205737>* >>> >>> * <%2B%2094%2011%202145300>* >>> >> >> >> >> -- >> >> Vihanga Liyanage >> >> Software Engineer | WS*O₂* Inc. >> >> M : +*94710124103 <071%20012%204103>* | http://wso2.com >> >> [image: http://wso2.com/signature] <http://wso2.com/signature> >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Dimuthu Leelarathne Director, Rapid Response Team WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile: +94773661935 Blog: http://muthulee.blogspot.com Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
