[MAGNOLIA-9252] CLONE - Tracking MgnlUser sessions using HttpSessionListener Created: 16/Jan/24  Updated: 19/Jan/24  Resolved: 19/Jan/24

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 6.3.0

Type: Improvement Priority: Neutral
Reporter: Jan Haderka Assignee: Nguyen Phung Chi
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MAGNOLIA-9236 Tracking MgnlUser sessions using Http... Closed
Relates
relates to MAGNOLIA-9210 Expose the number of concurrent autho... Open
relates to MGNLCE-394 Prepare UI test for new sessions inva... In Progress
dependency
documentation
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Team: AdminX
Work Started:

 Description   

Relates to: https://jira.magnolia-cms.com/browse/ADMINCTR-511

When changing the password from one browser while another active session was in progress on a different browser, the new password was successfully updated, and the old session remained active.

Approach

  • This ticket will provide a HttpSessionListener in order to track the sessions from an authenticated MgnlUser
  • Then, later on we can invalidate all sessions in some cases, e.g changing the password

Documentation notes:

<listener>
  <listener-class>info.magnolia.cms.security.DefaultHttpSessionListener</listener-class>
</listener>
  • As discussed with mgeljic , we agreed that the listener will be setup/enabled by default, but not for existing installs
  • So, we should document it how to register/enable the listener in order to have the feature work https://jira.magnolia-cms.com/browse/ADMINCTR-511 (invalidate/logout all sessions when user changed the password), and the customers need to enable by themself if they want

Generated at Mon Feb 12 04:40:00 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.