Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-9236

Tracking MgnlUser sessions using HttpSessionListener

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Neutral
    • 6.2.42
    • None
    • None
    • None
    • Yes
    • Yes

    Description

      Relates to: https://jira.magnolia-cms.com/browse/ADMINCTR-511

      When changing the password from one browser while another active session was in progress on a different browser, the new password was successfully updated, and the old session remained active.

      Approach

      • This ticket will provide a HttpSessionListener in order to track the sessions from an authenticated MgnlUser
      • Then, later on we can invalidate all sessions in some cases, e.g changing the password

      Documentation notes:

      <listener>
        <listener-class>info.magnolia.cms.security.DefaultHttpSessionListener</listener-class>
      </listener>
      
      • As discussed with mgeljic , we agreed that the listener will be setup/enabled by default, but not for existing installs
      • So, we should document it how to register/enable the listener in order to have the feature work https://jira.magnolia-cms.com/browse/ADMINCTR-511 (invalidate/logout all sessions when user changed the password), and the customers need to enable by themself if they want

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                nguyen.phung Nguyen Phung Chi
                had Jan Haderka
                AdminX
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Work Started:

                  Checklists

                    Task DoD