[CORE-1512] Allow only one active session per staff user - Blesta

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.3.2
Fix Version/s: Short Term
Component/s: Staff Interface
Labels:
None

Description

Add a setting to Staff Group settings that, if enabled, will destroy all open sessions for a user if that user authenticates again with a different session.

For example, if a user logs in with browser A, then logs in with browser B, the session in browser A would be destroyed upon login with browser B. In other words, only one active session is allowed per user.

Activity

Hide

Permalink

Tyson Phillips (Inactive) added a comment - 31/Jan/20 7:40 PM

We probably need to update the session handler for this (PDOHandler) and use a token to reference a single user across all sessions to find them easily, then update their expire date to be in the past so the sessions are expired.

One potential issue is the SessionHandlerInterface that is being used does not provide a way to fetch any other session user's info, so we would need a way to do that. TBD

Show

Tyson Phillips (Inactive) added a comment - 31/Jan/20 7:40 PM We probably need to update the session handler for this (PDOHandler) and use a token to reference a single user across all sessions to find them easily, then update their expire date to be in the past so the sessions are expired. One potential issue is the SessionHandlerInterface that is being used does not provide a way to fetch any other session user's info, so we would need a way to do that. TBD

People

Assignee:

Tyson Phillips (Inactive)

Reporter:

Cody Phillips (Inactive)

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

08/Dec/14 4:14 PM

Updated:

31/Jan/20 7:42 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2h 11m

Agile

Completed Sprint:

4.9.0 Sprint 2 ended 23/Jan/20
View on Board