Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-9236

Tracking MgnlUser sessions using HttpSessionListener

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Neutral Neutral
    • 6.2.42
    • None
    • None
    • None
    • Yes
    • Yes

      Relates to: https://jira.magnolia-cms.com/browse/ADMINCTR-511

      When changing the password from one browser while another active session was in progress on a different browser, the new password was successfully updated, and the old session remained active.

      Approach

      • This ticket will provide a¬†HttpSessionListener in order to track the sessions from an authenticated MgnlUser
      • Then, later on we can invalidate all sessions in some cases, e.g changing the password

      Documentation notes:

      <listener>
        <listener-class>info.magnolia.cms.security.DefaultHttpSessionListener</listener-class>
      </listener>
      
      • As discussed with mgeljic , we agreed that the listener will be setup/enabled by default, but not for existing installs
      • So, we should document it how to register/enable the listener in order to have the feature work https://jira.magnolia-cms.com/browse/ADMINCTR-511 (invalidate/logout all sessions when user changed the password), and the customers need to enable by themself if they want

        Acceptance criteria

              nguyen.phung Nguyen Phung Chi
              had Jan Haderka
              AdminX
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved:
                Work Started: