Also, you should have another column in the User table to maintain the userstore domain. Isn't it?
On Tue, Sep 4, 2018 at 12:48 PM, Dulanja Liyanage <dula...@wso2.com> wrote:

> Hi Chuhaashanan,
>
> How is this SessionID generated? Is it the same as the value of the
> commonauthId cookie?
>
> Thanks,
> Dulanja
>
> On Mon, Sep 3, 2018 at 6:16 PM, Chuhaashanan Nagenthiran <
> chuhaasha...@wso2.com> wrote:
>
>> +1
>>
>> On Mon, Sep 3, 2018 at 5:42 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>>
>>> Hi Chuhaashanan,
>>> It would be much more extensible if the "Session" table has a JSON
>>> structure or something along those lines, having "Browser, OS,
>>> Location" etc.
>>> The reason is that Browser info has a lot of sub-units (e.g. Engine,
>>> Version), OS (Type, Version, Distribution), Location (Country, City,
>>> Coordinates).
>>> Also we might need Device.
>>>
>>> Cheers,
>>> Ruwan
>>>
>>> On Wed, Aug 15, 2018 at 2:09 PM Chuhaashanan Nagenthiran <
>>> chuhaasha...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> *Problem*
>>>>
>>>> A user may want to view his recently or currently logged in session
>>>> details and terminate a currently logged in account. But the WSO2 IS
>>>> server does not provide this function now.
>>>>
>>>> *Solution*
>>>>
>>>> Develop an API to provide the following functionalities.
>>>>
>>>> - Retrieve information of currently logged in and recently used
>>>>   sessions since the last password change.
>>>> - Retrieve Time, location, OS and browser details of each session
>>>>   logged in and recently used.
>>>> - Terminate a particular logged in account.
>>>>
>>>> *Retrieve session information*
>>>>
>>>> - *User can view his currently logged in details and recently used
>>>>   session information. In each session, information about last time
>>>>   used, location, browser and OS details.*
>>>> - *To view information, the user has to send an HTTP GET request with
>>>>   the SessionID and can query by ServiceProvider detail for a
>>>>   particular account. Then the API will query the alive UserID for the
>>>>   given details and produce the required information for the user.*
>>>>
>>>> *Terminate a particular account*
>>>>
>>>> - If a user or admin wants to log out from a logged in account,
>>>>   he can terminate the particular account session.
>>>> - If an Identity Provider / Service Provider / User Account is deleted
>>>>   by an admin, the session will be automatically terminated by event
>>>>   listeners.
>>>> - *To terminate an account, the user has to send an HTTP POST request
>>>>   with the SessionID and can query by ServiceProvider detail for a
>>>>   particular account. Then the API will query the alive UserID for the
>>>>   given details and terminate the account.*
>>>>
>>>> *Database design*
>>>>
>>>> - *UserID*, which is mapped to *IDP, IDP UserID* and *Service
>>>>   Provider*, is used to identify a unique account.
>>>> - Through *UserID*, information of a particular account will be
>>>>   provided.
>>>> - In the *Session* table, details of *Browser, OS* and *Location* will
>>>>   not be used in queries. So we can store this information as a JSON
>>>>   object.
>>>>
>>>> Regards
>>>>
>>>> --
>>>> Chuhaashanan
>>>> Intern - Software Engineering
>>>
>>> --
>>> *Ruwan Abeykoon*
>>> *Associate Director/Architect,*
>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature>*
>>> *lean.enterprise.middleware.*
>>
>> --
>> Chuhaashanan
>> Intern - Software Engineering
>>
>> _______________________________________________
>> Dev mailing list
>> d...@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
> --
> Thanks & Regards,
> Dulanja Liyanage
> Lead, Platform Security Team
> WSO2 Inc.

--
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
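
An added sketch (not from the thread and not WSO2 IS code) of the lookups the proposal describes: GET and POST keyed by SessionID with an optional ServiceProvider filter, a userstore domain column on the account row, and Browser/OS/Location kept as a JSON blob that no query filters on. All table, column and function names, and the sample rows, are hypothetical.

```python
import json
import sqlite3

# Hypothetical schema: names are assumptions, not WSO2 IS tables.
SCHEMA = """
CREATE TABLE account (user_id INTEGER PRIMARY KEY, idp TEXT, idp_user_id TEXT,
    service_provider TEXT, userstore_domain TEXT);
CREATE TABLE session (session_id TEXT, user_id INTEGER REFERENCES account(user_id),
    last_used TEXT, alive INTEGER DEFAULT 1, client TEXT,  -- client = JSON, never filtered on
    PRIMARY KEY (session_id, user_id));
"""

def _where(session_id, service_provider):
    # Clause text is constant; caller-supplied values travel only as bound parameters.
    sql, args = "s.session_id = ? AND s.alive = 1", [session_id]
    if service_provider is not None:
        sql, args = sql + " AND a.service_provider = ?", args + [service_provider]
    return sql, args

def get_sessions(db, session_id, service_provider=None):
    """GET: details of the alive accounts under a SessionID."""
    where, args = _where(session_id, service_provider)
    rows = db.execute(
        "SELECT a.user_id, a.service_provider, a.userstore_domain, s.last_used, s.client "
        f"FROM session s JOIN account a ON a.user_id = s.user_id WHERE {where} ORDER BY a.user_id", args)
    return [{"user_id": u, "service_provider": sp, "userstore_domain": d,
             "last_used": t, **json.loads(c)} for u, sp, d, t, c in rows]

def terminate(db, session_id, service_provider=None):
    """POST: mark the matching alive accounts terminated; returns the count."""
    where, args = _where(session_id, service_provider)
    cur = db.execute(
        "UPDATE session SET alive = 0 WHERE rowid IN (SELECT s.rowid FROM session s "
        f"JOIN account a ON a.user_id = s.user_id WHERE {where})", args)
    db.commit()
    return cur.rowcount

def demo_db():
    """Constructed sample: one SessionID used with two service providers."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO account VALUES (?,?,?,?,?)", [
        (1, "LOCAL", "alice", "sp-travel", "PRIMARY"),
        (2, "LOCAL", "alice", "sp-payroll", "PRIMARY")])
    client = json.dumps({"browser": {"name": "Firefox"}, "os": {"type": "Linux"}})
    db.executemany("INSERT INTO session VALUES (?,?,?,1,?)", [
        ("sess-A", 1, "2018-09-03T10:00:00Z", client),
        ("sess-A", 2, "2018-09-03T11:30:00Z", client)])
    return db
```

Terminating with a ServiceProvider filter ends only that account; omitting it ends every alive account under the SessionID.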