Hi Chuhaashanan,

How is this SessionID generated? Is it the same as the value of the
commonauthId cookie?

Thanks,
Dulanja

On Mon, Sep 3, 2018 at 6:16 PM, Chuhaashanan Nagenthiran <
chuhaasha...@wso2.com> wrote:

> +1
>
> On Mon, Sep 3, 2018 at 5:42 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>
>> Hi Chuhaashanan,
>> It would be much more extensible if the "Session" table has a JSON
>> structure or something along those lines, having "Browser, OS, Location" etc.
>> The reason is that Browser info has a lot of sub-units (e.g. Engine, Version),
>> OS (Type, Version, Distribution), Location (Country, City, Coordinates).
>> Also we might need Device.
>>
>> Cheers,
>> Ruwan
>>
>>
>> On Wed, Aug 15, 2018 at 2:09 PM Chuhaashanan Nagenthiran <
>> chuhaasha...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> *Problem*
>>>
>>> A user may want to view his recently or currently logged in session
>>> details and terminate a currently logged in account. But the WSO2 IS
>>> server does not provide this function now.
>>>
>>>
>>> *Solution*
>>>
>>> Develop an API to provide following functionalities.
>>>
>>>    - Retrieve information of currently logged in and recently used
>>>    sessions since last password changes.
>>>    - Retrieve Time, location, OS and browser details of each session
>>>    Logged in and recently used.
>>>    - Terminate a particular logged in account.
>>>
>>>
>>> *Retrieve session information*
>>>
>>>    - User can view his currently logged in details and recently used
>>>    session information. In each session, information about last time used,
>>>    location, browser and OS details.
>>>    - To view information, user has to request HTTP GET request with
>>>    SessionID and can query by ServiceProvider detail for particular account.
>>>    Then API will query alive UserID for given details and produce required
>>>    information for user.
>>>
>>>
>>> *Terminate a particular account*
>>>
>>>    - If a user or admin wants to log out from a logged in account,
>>>    he can terminate the particular account session.
>>>    - If Identity Provider/ Service Provider/ User Account is deleted by
>>>    admin, session will be automatically terminated by event listeners.
>>>    - To terminate an account, user has to request HTTP POST request with
>>>    SessionID and can query by ServiceProvider detail for particular account.
>>>    Then API will query alive UserID for given details and terminate account.
>>>
>>>
>>>
>>> *Database design*
>>>
>>>
>>>    - *UserID* which is mapped to *IDP, IDP UserID* and *Service
>>>    Provider* is used to identify unique account.
>>>    - Through *UserID*, information of particular account will be
>>>    provided.
>>>    - In *Session* table, details of *Browser, OS* and *Location* will
>>>    not be used in query. So we can store this information as JSON object.
>>>
>>>
>>> Regards
>>>
>>> --
>>> Chuhaashanan
>>> Intern - Software Engineering
>>>
>>>
>>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Associate Director/Architect**,*
>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>> *lean.enterprise.middleware.*
>>
>>
>
>
> --
> Chuhaashanan
> Intern - Software Engineering
>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.
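
A sketch of the database design discussed in this thread, added here as an example and not code from the thread or from WSO2 IS: UserID maps to (IDP, IDP UserID, Service Provider), and Browser/OS/Location sit in one JSON column, which also holds the nested fields and Device suggested in the reply. Table, column and function names are assumptions, as is deriving the API-facing SessionID as a SHA-256 digest of the cookie value instead of reusing the cookie itself.

```python
import hashlib, json, sqlite3, time

SCHEMA = """
CREATE TABLE user_account (  -- UserID <-> (IDP, IDP UserID, Service Provider)
  user_id INTEGER PRIMARY KEY, idp TEXT, idp_user_id TEXT, service_provider TEXT,
  UNIQUE (idp, idp_user_id, service_provider));
CREATE TABLE session (       -- one row per account alive in a session
  session_id TEXT, user_id INTEGER, last_used INTEGER, terminated INTEGER DEFAULT 0,
  client_info TEXT,          -- Browser/OS/Location/Device as JSON; never in WHERE
  PRIMARY KEY (session_id, user_id));
"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def session_id_for(cookie_value):
    # Assumption: the API-facing SessionID is a digest, not the bearer cookie itself.
    return hashlib.sha256(cookie_value.encode()).hexdigest()

def record_login(db, cookie_value, idp, idp_user_id, sp, client_info):
    key = (idp, idp_user_id, sp)
    db.execute("INSERT OR IGNORE INTO user_account "
               "(idp, idp_user_id, service_provider) VALUES (?,?,?)", key)
    (uid,) = db.execute("SELECT user_id FROM user_account WHERE idp=? "
                        "AND idp_user_id=? AND service_provider=?", key).fetchone()
    sid = session_id_for(cookie_value)
    db.execute("INSERT OR REPLACE INTO session VALUES (?,?,?,0,?)",
               (sid, uid, int(time.time()), json.dumps(client_info)))
    return sid

def _where(session_id, sp):
    # Only indexed identifiers are filtered on; client_info stays opaque JSON.
    sql, args = " WHERE session_id=? AND terminated=0", [session_id]
    if sp is not None:
        sql += " AND user_id IN (SELECT user_id FROM user_account WHERE service_provider=?)"
        args.append(sp)
    return sql, args

def get_sessions(db, session_id, sp=None):  # would back the HTTP GET
    where, args = _where(session_id, sp)
    rows = db.execute("SELECT (SELECT service_provider FROM user_account a "
                      "WHERE a.user_id = session.user_id), last_used, client_info "
                      "FROM session" + where, args)
    return [{"service_provider": r[0], "last_used": r[1], **json.loads(r[2])} for r in rows]

def terminate(db, session_id, sp=None):     # would back the HTTP POST
    where, args = _where(session_id, sp)
    return db.execute("UPDATE session SET terminated=1" + where, args).rowcount
```

`terminate` returns the number of account rows it ended, so a repeated or unknown SessionID yields 0 rather than an error.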