+ Rizmeer

On Wed, Sep 5, 2018 at 11:18 AM Ruwan Abeykoon <[email protected]> wrote:

> Hi All,
> +1 for Dulanja's suggestion (if I get it correctly) - the API should be able
> to query with "UserID" and not based on "sessionID". We can use "SessionID"
> as an authentication mechanism, if necessary.
>
> e.g. /api/sessions/v1.0/users/{userId}   // This is for illustration only,
> we need to come up with a proper scheme.
> The userID should be either plain or encrypted based on the privacy setting.
>
> Yes, this should replace the Analytics-based session counting. Session
> tracking should be part and parcel of the product.
>
> Cheers,
> Ruwan
>
> On Wed, Sep 5, 2018 at 10:39 AM Dulanja Liyanage <[email protected]> wrote:
>
>> So that means the user will have to grab the commonauthId values from
>> all the browsers (in different devices) in order to get different session
>> information. IMO there should be a way the user can view all his/her
>> sessions via a single API call.
>>
>> Currently, a user can view all his/her sessions from the IS Dashboard
>> [1], and that is powered by IS Analytics. Is this new feature trying to
>> replace that? If so, there should be an API to retrieve all the sessions.
>> If that is not the purpose of this feature, I'd like to understand the
>> real-world usage of this new API.
>>
>> [1] https://docs.wso2.com/display/IS560/Terminating+User+Sessions
>>
>> Thanks,
>> Dulanja
>>
>> On Wed, Sep 5, 2018 at 10:08 AM, Chuhaashanan Nagenthiran <
>> [email protected]> wrote:
>>
>>> Here, the SessionID is obtained from the cookie and the user makes the API
>>> call using the SessionID.
>>>
>>> Thanks.
>>>
>>> On Tue, Sep 4, 2018 at 5:32 PM, Dulanja Liyanage <[email protected]>
>>> wrote:
>>>
>>>> In that case, how does the user get hold of the SessionID to do the
>>>> API call? Does s/he have to get it from the cookie? Or is there another API
>>>> that provides all the commonauthId values that were generated for all
>>>> the browser sessions?
>>>>
>>>> Thanks.
>>>>
>>>> On Tue, Sep 4, 2018 at 2:39 PM, Chuhaashanan Nagenthiran <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi Dulanja,
>>>>>
>>>>> Yes. SessionID is the same value as in the commonauth cookie.
>>>>>
>>>>> Regards,
>>>>>
>>>>> On Tue, Sep 4, 2018 at 12:48 PM, Dulanja Liyanage <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Chuhaashanan,
>>>>>>
>>>>>> How is this SessionID generated? Is it the same as the value of the
>>>>>> commonauthId cookie?
>>>>>>
>>>>>> Thanks,
>>>>>> Dulanja
>>>>>>
>>>>>> On Mon, Sep 3, 2018 at 6:16 PM, Chuhaashanan Nagenthiran <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> +1
>>>>>>>
>>>>>>> On Mon, Sep 3, 2018 at 5:42 PM, Ruwan Abeykoon <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Chuhaashanan,
>>>>>>>> It would be much more extensible if the "Session" table had a JSON
>>>>>>>> structure or something along those lines, holding "Browser, OS, Location" etc.
>>>>>>>> The reason is that Browser info has a lot of sub-units (e.g. Engine,
>>>>>>>> Version), OS (Type, Version, Distribution), Location (Country, City,
>>>>>>>> Coordinates).
>>>>>>>> Also, we might need Device.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Ruwan
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Aug 15, 2018 at 2:09 PM Chuhaashanan Nagenthiran <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> *Problem*
>>>>>>>>>
>>>>>>>>> A user may want to view his recently or currently logged-in
>>>>>>>>> session details and terminate a currently logged-in account. But the
>>>>>>>>> WSO2 IS server does not provide this function now.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Solution*
>>>>>>>>>
>>>>>>>>> Develop an API to provide the following functionalities.
>>>>>>>>>
>>>>>>>>>    - Retrieve information about currently logged-in and recently used
>>>>>>>>>    sessions since the last password change.
>>>>>>>>>    - Retrieve the time, location, OS and browser details of each
>>>>>>>>>    session, logged in and recently used.
>>>>>>>>>    - Terminate a particular logged-in account.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Retrieve session information*
>>>>>>>>>
>>>>>>>>>    - The user can view his currently logged-in details and recently
>>>>>>>>>    used session information. Each session carries information about the
>>>>>>>>>    last time used, location, browser and OS details.
>>>>>>>>>    - To view the information, the user has to send an HTTP GET request
>>>>>>>>>    with the SessionID and can query by ServiceProvider detail for a
>>>>>>>>>    particular account. The API will then query the alive UserID for the
>>>>>>>>>    given details and produce the required information for the user.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Terminate a particular account*
>>>>>>>>>
>>>>>>>>>    - If a user or admin wants to log out from a logged-in
>>>>>>>>>    account, he can terminate that particular account session.
>>>>>>>>>    - If the Identity Provider / Service Provider / User Account is
>>>>>>>>>    deleted by an admin, the session will be automatically terminated by
>>>>>>>>>    event listeners.
>>>>>>>>>    - To terminate an account, the user has to send an HTTP POST request
>>>>>>>>>    with the SessionID and can query by ServiceProvider detail for a
>>>>>>>>>    particular account. The API will then query the alive UserID for the
>>>>>>>>>    given details and terminate the account.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Database design*
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>    - *UserID*, which is mapped to *IDP*, *IDP UserID* and *Service
>>>>>>>>>    Provider*, is used to identify a unique account.
>>>>>>>>>    - Through *UserID*, information about a particular account will be
>>>>>>>>>    provided.
>>>>>>>>>    - In the *Session* table, details of *Browser*, *OS* and *Location*
>>>>>>>>>    will not be used in queries, so we can store this information as a
>>>>>>>>>    JSON object.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Chuhaashanan
>>>>>>>>> Intern - Software Engineering
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> *Ruwan Abeykoon*
>>>>>>>> *Associate Director/Architect**,*
>>>>>>>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>>>>>>>> *lean.enterprise.middleware.*
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Chuhaashanan
>>>>>>> Intern - Software Engineering
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Dev mailing list
>>>>>>> [email protected]
>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Dulanja Liyanage
>>>>>> Lead, Platform Security Team
>>>>>> WSO2 Inc.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Chuhaashanan
>>>>> Intern - Software Engineering
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Dulanja Liyanage
>>>> Lead, Platform Security Team
>>>> WSO2 Inc.
>>>>
>>>
>>>
>>>
>>> --
>>> Chuhaashanan
>>> Intern - Software Engineering
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> Lead, Platform Security Team
>> WSO2 Inc.
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
> *lean.enterprise.middleware.*
>
>


-- 
Pushpalanka.
-- 
Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
Mobile: +94779716248
Blog: pushpalankajaya.blogspot.com/ | LinkedIn:
lk.linkedin.com/in/pushpalanka/ | Twitter: @pushpalanka
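
The design the thread converges on (list every session of a user in one call, with the SessionID used only to authenticate the caller), as an added sketch that is not part of the original thread or of WSO2 code. The class, method and field names are hypothetical, the in-memory dict stands in for the Session table, and returning a hashed handle instead of the raw session ID is an assumption made here because the SessionID is the same value as the commonauth cookie.

```python
import hashlib, json, secrets

class SessionStore:
    """In-memory stand-in for the Session table (hypothetical schema)."""
    def __init__(self):
        self._rows = {}  # session_id (the cookie value) -> row

    def create(self, user_id, service_provider, meta):
        sid = secrets.token_hex(16)  # constructed stand-in for the cookie value
        # Browser/OS/Location are never queried on, so they are kept as one JSON blob
        self._rows[sid] = {"user_id": user_id, "sp": service_provider,
                           "meta": json.dumps(meta)}
        return sid

    @staticmethod
    def handle(sid):
        # Public reference to a session; the raw ID is a bearer credential
        # and must not appear in a listing shown on another device.
        return hashlib.sha256(sid.encode()).hexdigest()[:16]

    def _authenticate(self, caller_sid):
        row = self._rows.get(caller_sid)
        if row is None:
            raise PermissionError("unknown or terminated session")
        return row["user_id"]

    def list_sessions(self, caller_sid, user_id, service_provider=None):
        """Models GET .../users/{userId}: all sessions of the user in one call."""
        if self._authenticate(caller_sid) != user_id:
            raise PermissionError("caller may only view own sessions")
        return [{"handle": self.handle(sid), "sp": r["sp"],
                 "current": sid == caller_sid, **json.loads(r["meta"])}
                for sid, r in self._rows.items()
                if r["user_id"] == user_id
                and service_provider in (None, r["sp"])]

    def terminate(self, caller_sid, handle):
        """Terminate one of the caller's own sessions, addressed by handle."""
        user_id = self._authenticate(caller_sid)
        for sid, r in list(self._rows.items()):
            if r["user_id"] == user_id and self.handle(sid) == handle:
                del self._rows[sid]
                return True
        return False  # no such session, or it belongs to another user
```

An admin path and the event-listener cleanup mentioned in the proposal are left out; they would call the same deletion logic without the ownership check on the caller.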