Hi All,
+1 for Dulanja's suggestion (if I get it correctly) - The API should be able
to query with "UserID" and not based on "sessionID". We can use "SessionID"
as an authentication mechanism, if necessary.
e.g. /api/sessions/v1.0/users/{userId} // This is for illustration only,
we need to come up with a proper scheme.
The userID should be either plain or encrypted based on the privacy setting.
Yes, this should replace the Analytics based session counting. Session
tracking should be part and parcel with the product.
Cheers,
Ruwan
On Wed, Sep 5, 2018 at 10:39 AM Dulanja Liyanage <[email protected]> wrote:
> So that means the user will have to grab the commonauthId values from all
> the browsers (in different devices) in order to get different session
> information. IMO there should be a way the user can view all his/her
> sessions via a single API call.
>
> Currently, a user can view all his/her sessions from the IS Dashboard [1],
> and that is powered by IS Analytics. Is this new feature trying to replace
> that? If so, there should be an API to retrieve all the sessions. If that
> is not the purpose of this feature, I'd like to understand the real-world
> usage of this new API.
>
> [1] https://docs.wso2.com/display/IS560/Terminating+User+Sessions
>
> Thanks,
> Dulanja
>
> On Wed, Sep 5, 2018 at 10:08 AM, Chuhaashanan Nagenthiran <
> [email protected]> wrote:
>
>> Here, SessionID is got from the cookie and user makes the API call by
>> using the sessionID.
>>
>> Thanks.
>>
>> On Tue, Sep 4, 2018 at 5:32 PM, Dulanja Liyanage <[email protected]>
>> wrote:
>>
>>> In that case, how does the user get hold of the SessionID to do the API
>>> call? Does s/he have to get it from the cookie? Or is there another API that
>>> provides all the commonauthId values that were generated for all the
>>> browser sessions?
>>>
>>> Thanks.
>>>
>>> On Tue, Sep 4, 2018 at 2:39 PM, Chuhaashanan Nagenthiran <
>>> [email protected]> wrote:
>>>
>>>> Hi Dulanja,
>>>>
>>>> Yes. SessionID is the same value in commonauth cookie.
>>>>
>>>> Regards,
>>>>
>>>> On Tue, Sep 4, 2018 at 12:48 PM, Dulanja Liyanage <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Chuhaashanan,
>>>>>
>>>>> How is this SessionID generated? Is it the same as the value of the
>>>>> commonauthId cookie?
>>>>>
>>>>> Thanks,
>>>>> Dulanja
>>>>>
>>>>> On Mon, Sep 3, 2018 at 6:16 PM, Chuhaashanan Nagenthiran <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> +1
>>>>>>
>>>>>> On Mon, Sep 3, 2018 at 5:42 PM, Ruwan Abeykoon <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Chuhaashanan,
>>>>>>> It would be much more extensible if the "Session" table has a JSON
>>>>>>> structure or something along those lines, having "Browser, OS,
>>>>>>> Location" etc.
>>>>>>> The reason is that browser info has a lot of sub-units (e.g. Engine,
>>>>>>> Version), OS (Type, Version, Distribution), Location (Country, City,
>>>>>>> Coordinates).
>>>>>>> Also we might need Device.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Ruwan
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Aug 15, 2018 at 2:09 PM Chuhaashanan Nagenthiran <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> *Problem*
>>>>>>>>
>>>>>>>> A user may want to view his recently or currently logged in
>>>>>>>> session details and terminate a currently logged in acc. But the WSO2 IS
>>>>>>>> server does not provide this function now.
>>>>>>>>
>>>>>>>>
>>>>>>>> *Solution*
>>>>>>>>
>>>>>>>> Develop an API to provide the following functionalities.
>>>>>>>>
>>>>>>>> - Retrieve information of currently logged in and recently used
>>>>>>>> sessions since last password changes.
>>>>>>>> - Retrieve Time, location, OS and browser details of each
>>>>>>>> session Logged in and recently used.
>>>>>>>> - Terminate a particular logged in account.
>>>>>>>>
>>>>>>>>
>>>>>>>> *Retrieve session information*
>>>>>>>>
>>>>>>>> - *User can view his currently logged in details and recently used
>>>>>>>> session information. In each session, information about last time used,
>>>>>>>> location, browser and OS details.*
>>>>>>>> - *To view information, user has to make an HTTP GET request with
>>>>>>>> SessionID and can query by ServiceProvider detail for particular
>>>>>>>> account. Then API will query alive UserID for given details and
>>>>>>>> produce required information for user.*
>>>>>>>>
>>>>>>>>
>>>>>>>> *Terminate a particular account*
>>>>>>>>
>>>>>>>> - If a user or admin wants to log out from a logged in
>>>>>>>> account, he can terminate particular account session.
>>>>>>>> - If Identity Provider/ Service Provider/ User Account is
>>>>>>>> deleted by admin, session will be automatically terminated by event
>>>>>>>> listeners.
>>>>>>>> - *To terminate an account, user has to make an HTTP POST request
>>>>>>>> with SessionID and can query by ServiceProvider detail for
>>>>>>>> particular account. Then API will query alive UserID for given
>>>>>>>> details and terminate account.*
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *Database design*
>>>>>>>>
>>>>>>>>
>>>>>>>> - *UserID* which is mapped to *IDP, IDP UserID* and *Service
>>>>>>>> Provider* is used to identify unique account.
>>>>>>>> - Through *UserID*, information of particular account will be
>>>>>>>> provided.
>>>>>>>> - In *Session* table, details of *Browser, OS* and *Location*
>>>>>>>> will not be used in query. So we can store this information as JSON
>>>>>>>> object.
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> --
>>>>>>>> Chuhaashanan
>>>>>>>> Intern - Software Engineering
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Ruwan Abeykoon*
>>>>>>> *Associate Director/Architect**,*
>>>>>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>>>>>>> *lean.enterprise.middleware.*
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Dev mailing list
>>>>>> [email protected]
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>> Dulanja Liyanage
>>>>> Lead, Platform Security Team
>>>>> WSO2 Inc.
>>>>>
--
*Ruwan Abeykoon*
*Associate Director/Architect**,*
*WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
*lean.enterprise.middleware.*
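
The design discussed in this thread (query by userId, with the commonauthId cookie value used only to authenticate the caller, and Browser/OS/Location kept as a JSON object) can be sketched as follows. This is an added example, not code from the thread or from WSO2 IS; the store layout, function names and the hashed "handle" returned in place of the cookie value are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample store: commonauthId cookie value -> session record.
# "meta" is kept as a JSON string, as proposed for the Session table.
SESSIONS = {
    "cookie-aaa": {"user_id": "alice", "meta": json.dumps(
        {"browser": {"name": "Firefox", "version": "62"},
         "os": {"type": "Linux"}, "location": {"country": "LK"}})},
    "cookie-bbb": {"user_id": "alice", "meta": json.dumps(
        {"browser": {"name": "Chrome", "version": "68"},
         "os": {"type": "Android"}, "location": {"country": "LK"}})},
    "cookie-ccc": {"user_id": "bob", "meta": json.dumps(
        {"browser": {"name": "Safari", "version": "11"},
         "os": {"type": "macOS"}, "location": {"country": "US"}})},
}


def handle_for(session_id):
    """Public handle for a session; the cookie value itself is never returned."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:16]


def authorize(store, cookie_session_id, user_id):
    """The cookie authenticates the caller; the path userId must be that same user."""
    caller = store.get(cookie_session_id)
    if caller is None:
        raise PermissionError("unknown or expired session")
    if caller["user_id"] != user_id:
        raise PermissionError("caller may only access own sessions")


def list_sessions(store, cookie_session_id, user_id):
    """GET .../users/{userId}: every session of the user, from any browser."""
    authorize(store, cookie_session_id, user_id)
    return [{"handle": handle_for(sid), "current": sid == cookie_session_id,
             **json.loads(rec["meta"])}
            for sid, rec in store.items() if rec["user_id"] == user_id]


def terminate_session(store, cookie_session_id, user_id, handle):
    """Terminate one of the user's sessions, addressed by its handle."""
    authorize(store, cookie_session_id, user_id)
    for sid, rec in list(store.items()):
        if rec["user_id"] == user_id and handle_for(sid) == handle:
            del store[sid]
            return True
    return False
```

Returning a derived handle keeps the listing from disclosing the cookie values of the user's other browsers, which would otherwise let any one session impersonate the rest.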