So that means the user will have to grab the commonauthId values from all
the browsers (in different devices) in order to get different session
information. IMO there should be a way the user can view all his/her
sessions via a single API call.

Currently, a user can view all his/her sessions from the IS Dashboard [1],
and that is powered by IS Analytics. Is this new feature trying to replace
that? If so, there should be an API to retrieve all the sessions. If that
is not the purpose of this feature, I'd like to understand the real-world
usage of this new API.

[1] https://docs.wso2.com/display/IS560/Terminating+User+Sessions

Thanks,
Dulanja

On Wed, Sep 5, 2018 at 10:08 AM, Chuhaashanan Nagenthiran <
[email protected]> wrote:

> Here, the SessionID is obtained from the cookie and the user makes the API
> call by using the sessionID.
>
> Thanks.
>
> On Tue, Sep 4, 2018 at 5:32 PM, Dulanja Liyanage <[email protected]> wrote:
>
>> In that case, how does the user get hold of the SessionID to do the API
>> call? Does s/he have to get it from the cookie? Or is there another API that
>> provides all the commonauthId values that were generated for all the
>> browser sessions?
>>
>> Thanks.
>>
>> On Tue, Sep 4, 2018 at 2:39 PM, Chuhaashanan Nagenthiran <
>> [email protected]> wrote:
>>
>>> Hi Dulanja,
>>>
>>> Yes. SessionID is the same value as in the commonauth cookie.
>>>
>>> Regards,
>>>
>>> On Tue, Sep 4, 2018 at 12:48 PM, Dulanja Liyanage <[email protected]>
>>> wrote:
>>>
>>>> Hi Chuhaashanan,
>>>>
>>>> How is this SessionID generated? Is it the same as the value of the
>>>> commonauthId cookie?
>>>>
>>>> Thanks,
>>>> Dulanja
>>>>
>>>> On Mon, Sep 3, 2018 at 6:16 PM, Chuhaashanan Nagenthiran <
>>>> [email protected]> wrote:
>>>>
>>>>> +1
>>>>>
>>>>> On Mon, Sep 3, 2018 at 5:42 PM, Ruwan Abeykoon <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Chuhaashanan,
>>>>>> It would be much more extensible if the "Session" table had a JSON
>>>>>> structure or something along those lines, holding "Browser, OS,
>>>>>> Location" etc.
>>>>>> The reason is that Browser info has a lot of sub-units (e.g. Engine,
>>>>>> Version), as do OS (Type, Version, Distribution) and Location (Country,
>>>>>> City, Coordinates).
>>>>>> Also, we might need Device.
>>>>>>
>>>>>> Cheers,
>>>>>> Ruwan
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 15, 2018 at 2:09 PM Chuhaashanan Nagenthiran <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> *Problem*
>>>>>>>
>>>>>>> A user may want to view his recently or currently logged in session
>>>>>>> details and terminate a currently logged in account. But the WSO2 IS
>>>>>>> server does not provide this function now.
>>>>>>>
>>>>>>>
>>>>>>> *Solution*
>>>>>>>
>>>>>>> Develop an API to provide the following functionalities.
>>>>>>>
>>>>>>>    - Retrieve information on currently logged in and recently used
>>>>>>>    sessions since the last password change.
>>>>>>>    - Retrieve time, location, OS and browser details of each
>>>>>>>    session, logged in and recently used.
>>>>>>>    - Terminate a particular logged in account.
>>>>>>>
>>>>>>>
>>>>>>> *Retrieve session information*
>>>>>>>
>>>>>>>    - User can view his currently logged in details and recently used
>>>>>>>    session information. Each session carries information about the last
>>>>>>>    time used, location, browser and OS details.
>>>>>>>    - To view information, the user has to send an HTTP GET request with
>>>>>>>    the SessionID and can query by ServiceProvider detail for a particular
>>>>>>>    account. The API will then query the alive UserID for the given
>>>>>>>    details and produce the required information for the user.
>>>>>>>
>>>>>>>
>>>>>>> *Terminate a particular account*
>>>>>>>
>>>>>>>    - If a user or admin wants to log out of a logged in
>>>>>>>    account, he can terminate that particular account session.
>>>>>>>    - If an Identity Provider / Service Provider / User Account is
>>>>>>>    deleted by the admin, the session will be automatically terminated
>>>>>>>    by event listeners.
>>>>>>>    - To terminate an account, the user has to send an HTTP POST request
>>>>>>>    with the SessionID and can query by ServiceProvider detail for a
>>>>>>>    particular account. The API will then query the alive UserID for the
>>>>>>>    given details and terminate the account.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> *Database design*
>>>>>>>
>>>>>>>
>>>>>>>    - *UserID*, which is mapped to *IDP*, *IDP UserID* and *Service
>>>>>>>    Provider*, is used to identify a unique account.
>>>>>>>    - Through *UserID*, information on a particular account will be
>>>>>>>    provided.
>>>>>>>    - In the *Session* table, details of *Browser*, *OS* and *Location*
>>>>>>>    will not be used in queries. So we can store this information as a
>>>>>>>    JSON object.
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> --
>>>>>>> Chuhaashanan
>>>>>>> Intern - Software Engineering
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Ruwan Abeykoon*
>>>>>> *Associate Director/Architect**,*
>>>>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>>>>>> *lean.enterprise.middleware.*
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Chuhaashanan
>>>>> Intern - Software Engineering
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Dulanja Liyanage
>>>> Lead, Platform Security Team
>>>> WSO2 Inc.
>>>>
>>>
>>>
>>>
>>> --
>>> Chuhaashanan
>>> Intern - Software Engineering
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> Lead, Platform Security Team
>> WSO2 Inc.
>>
>
>
>
> --
> Chuhaashanan
> Intern - Software Engineering
>
>


-- 
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
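
An added sketch of the design points raised in this thread (not part of the original emails and not WSO2 Identity Server code): sessions are listed per authenticated user in a single call, the browser/OS/location details sit in one JSON column, and termination checks ownership. The table layout, function names and the SHA-256 handle used in place of the raw cookie value are assumptions, and the sample rows are constructed.

```python
import hashlib
import json
import sqlite3

def session_handle(session_id: str) -> str:
    """Non-secret reference to a session; the cookie value itself is never returned."""
    return hashlib.sha256(session_id.encode()).hexdigest()

def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Browser/OS/location are not queried on, so they live in one JSON column.
    db.execute("CREATE TABLE session (handle TEXT PRIMARY KEY, user_id TEXT NOT NULL,"
               " last_used TEXT NOT NULL, details TEXT NOT NULL)")
    return db

def record_session(db, user_id, session_id, last_used, details):
    db.execute("INSERT INTO session VALUES (?, ?, ?, ?)",
               (session_handle(session_id), user_id, last_used, json.dumps(details)))

def list_sessions(db, user_id):
    """All sessions of the authenticated user, from any browser or device."""
    rows = db.execute("SELECT handle, last_used, details FROM session"
                      " WHERE user_id = ? ORDER BY last_used DESC", (user_id,))
    return [{"handle": h, "last_used": t, **json.loads(d)} for h, t, d in rows]

def terminate_session(db, user_id, target_handle):
    """Delete only when the session belongs to the caller; True if a row was removed."""
    cur = db.execute("DELETE FROM session WHERE handle = ? AND user_id = ?",
                     (target_handle, user_id))
    return cur.rowcount == 1

def demo():
    db = open_store()
    # Constructed sample data: two browsers for alice, one for bob.
    record_session(db, "alice", "cookie-laptop", "2018-09-05T10:08:00",
                   {"browser": {"name": "Firefox", "version": "62"},
                    "os": {"type": "Linux"}, "location": {"country": "LK"}})
    record_session(db, "alice", "cookie-phone", "2018-09-04T17:32:00",
                   {"browser": {"name": "Chrome", "version": "68"},
                    "os": {"type": "Android"}, "location": {"country": "LK"}})
    record_session(db, "bob", "cookie-bob", "2018-09-04T12:48:00",
                   {"browser": {"name": "Safari"}, "os": {"type": "macOS"}})
    return db

if __name__ == "__main__":
    for s in list_sessions(demo(), "alice"):
        print(s["handle"][:12], s["last_used"], s["browser"]["name"])
```
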
