Hi Dimuth, I'm not sure I understand your approach. In the first phase of the project, if a user request for a new session, you will just close the existing session and create a new one, without letting the user know. Is that correct?
On Mon, Apr 2, 2018 at 10:41 AM, Dimuth Menikgama <[email protected]> wrote: > Hi Vihanga, > > AFAIU you are suggesting an improvement to first solution suggested. > Instead of closing the existing session at once, you are suggesting to > notify the user and get the approval before closing. > > This can be added to second phase of this project. In the second phase, we > hope to add functionality to prompt the user with active session > information (meta data such as device, session start time etc ) and let > user to select what session to close. > > Regards, > Dimuth Menikgama > > > On Mon, Apr 2, 2018 at 10:02 AM, Dimuth Menikgama <[email protected]> wrote: > >> Hi Denuwanthi, >> >> Currently we have decided to implement this as a conditional >> authentication function. Admin user can use this function to get the number >> of active sessions and can create a condition with the limit he wants. If >> the admin user does not use this function, no conditions will be tested >> based on session count. So the user can create unlimited number of sessions >> without any problem. >> >> Regards, >> Dimuth Menikgama. >> >> On Sat, Mar 31, 2018 at 3:24 PM, Vihanga Liyanage <[email protected]> >> wrote: >> >>> Hi Dimuth, >>> >>> >>>>> - >>>>> >>>>> What is the best way to handle new session request when maximum >>>>> allowed session limit is 1? >>>>> - >>>>> >>>>> If there is a session, close that session and create a new >>>>> session. >>>>> - >>>>> >>>>> Notify the user about the existing session and ask to end that >>>>> manually if he want to create a new session. >>>>> >>>>> >>> IMHO, I think both of these proposed methods are not suitable. Instead >>> what if we notify the user about the limitation on active sessions and ask >>> for the consent to close the existing session from our end? Closing the >>> session manually by the user could be a hassle for him especially if it was >>> another device. We can just invalidate the session from our end without >>> much effort. WDYT? >>> >>> Thanks, >>> Vihanga. >>> >>> -- >>> >>> Vihanga Liyanage >>> >>> Software Engineer | WS*O₂* Inc. >>> >>> M : +*94710124103* | http://wso2.com >>> >>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>> >> >> >> >> -- >> >> *Dimuth Menikgama* >> >> *Software Engineer* >> *WSO2* >> >> >> *Mobile : + 94 702337977 >> <%2B%2094%2011%202145345%20%C2%A0Ext.%205737>* >> >> * <%2B%2094%2011%202145300>* >> > > > > -- > > *Dimuth Menikgama* > > *Software Engineer* > *WSO2* > > > *Mobile : + 94 702337977 > <%2B%2094%2011%202145345%20%C2%A0Ext.%205737>* > > * <%2B%2094%2011%202145300>* > -- Vihanga Liyanage Software Engineer | WS*O₂* Inc. M : +*94710124103* | http://wso2.com [image: http://wso2.com/signature] <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
