
Flush all UI sessions for specific user


#1

Hello,

Is there any way to flush all active user sessions from the Admin UI (/admin/overview), hosted in Cloud?

Problem and steps to reproduce:

  1. We have user LOGIN with password OLD_PASS and active session (user logged in UI)
  2. Change password of user LOGIN to NEW_PASS (from OLD_PASS)
  3. Open dashboard link in browser with active session
  4. I expect that I will see login page, but I can do anything in UI like I didn’t change password. I expect that after password change all sessions should automatically expire, but it’s not
  5. I try to change e-mail, password, disable and enable user again - it’s not working, session is not expired

Temporary solution:

  1. Disable old user
  2. Create a new user

Thanks in advance.


#2

Hi Alex,

Thanks for your posting. You can log out to clear the current session (or close your browser if you don’t use the remember-me feature), or the session times out eventually on its own after a few days.

Cheers,
Tobias


#3

Hi,

Thanks for your posting. But what should I do if I want to clear all sessions for a specific user? For example, a user was logged in on a Notebook and a Work PC. The Notebook was stolen and now you want to change the password and flush all sessions that are associated with that user. What can I do in this situation (except recreate the user)?

About session expiration, if the Notebook’s session is still being used then it wouldn’t expire after a few days…


#4

Hi Alex,

In this case, you can disable the user and add a new user account instead. The session for deactivated/disabled users is disabled immediately and previous sessions cannot be resumed.

Cheers,
Tobias
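
The behaviour asked for in this thread (a password change or a disabled account ends every session of that user, on every device) is commonly built by binding each session to a per-user counter. The sketch below is an added example, not part of the thread and not the product's own code; `SessionStore`, `session_epoch` and `keep_token` are hypothetical names, and password verification is left out.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class User:
    login: str
    password_hash: str          # stored hash, opaque to this example
    enabled: bool = True
    session_epoch: int = 0      # bumped whenever credentials change


@dataclass
class SessionStore:
    users: dict = field(default_factory=dict)     # login -> User
    sessions: dict = field(default_factory=dict)  # token -> (login, epoch)

    def add_user(self, login, password_hash):
        self.users[login] = User(login, password_hash)

    def login(self, login):
        """Issue a session bound to the user's current epoch (auth check omitted)."""
        user = self.users[login]
        if not user.enabled:
            raise PermissionError("user disabled")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (login, user.session_epoch)
        return token

    def validate(self, token):
        """Return the login for a live session, or None if it must re-authenticate."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        login, epoch = entry
        user = self.users.get(login)
        if user is None or not user.enabled or epoch != user.session_epoch:
            self.sessions.pop(token, None)   # drop the stale session
            return None
        return login

    def change_password(self, login, new_hash, keep_token=None):
        """Change the password and revoke every session except keep_token."""
        user = self.users[login]
        user.password_hash = new_hash
        user.session_epoch += 1
        if keep_token in self.sessions and self.sessions[keep_token][0] == login:
            self.sessions[keep_token] = (login, user.session_epoch)
```

Because the check runs on every request, a session on a stolen device stops working on its next request after the password change, regardless of how recently it was used.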