[CORE-1512] Allow only one active session per staff user - Blesta

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.3.2
Fix Version/s: Short Term
Component/s: Staff Interface
Labels:
None

Description

Add a setting to Staff Group settings that, if enabled, will destroy all open sessions for a user if that user authenticates again with a different session.

For example, if a user logs in with browser A, then logs in with browser B, the session in browser A would be destroyed upon login with browser B. In other words, only one active session is allowed per user.

Activity

Ascending order - Click to sort in descending order

Cody Phillips (Inactive) created issue - 08/Dec/14 4:14 PM

Cody Phillips (Inactive) made changes - 08/Dec/14 4:14 PM

Field	Original Value	New Value
Link		This issue relates to CORE-1430 [ CORE-1430 ]

Paul Phillips made changes - 11/Jul/16 7:04 PM

Fix Version/s

Short Term [ 10800 ]

Paul Phillips made changes - 11/Jul/16 7:04 PM

Assignee

Cody Phillips [ cody ]

Tyson Phillips (Inactive) made changes - 30/Oct/19 2:48 PM

Rank

Ranked higher

Tyson Phillips (Inactive) made changes - 20/Dec/19 7:18 PM

Story Points

Tyson Phillips (Inactive) made changes - 20/Dec/19 7:19 PM

Sprint

4.9.0 Sprint 2 [ 99 ]

Tyson Phillips (Inactive) made changes - 20/Dec/19 7:19 PM

Rank

Ranked higher

Tyson Phillips (Inactive) made changes - 09/Jan/20 4:39 PM

Fix Version/s		4.9.0-b1 [ 11301 ]
Fix Version/s	Short Term [ 10800 ]

Tyson Phillips (Inactive) made changes - 10/Jan/20 6:58 PM

Assignee

Tyson Phillips [ tyson ]

Automated transition triggered when Tyson Phillips (Inactive) created a branch in Stash - 10/Jan/20 6:59 PM

Status

Open [ 1 ]

In Progress [ 3 ]

Tyson Phillips (Inactive) made changes - 10/Jan/20 7:47 PM

Remaining Estimate		0 minutes [ 0 ]
Time Spent		49 minutes [ 2940 ]
Worklog Id	13022 [ 13022 ]

Tyson Phillips (Inactive) made changes - 23/Jan/20 4:04 PM

Sprint

4.9.0 Sprint 2 [ 99 ]

4.9.0 Sprint 2, 4.9.0 Sprint 3 [ 99, 101 ]

Tyson Phillips (Inactive) made changes - 23/Jan/20 4:04 PM

Rank

Ranked higher

Hide

Permalink

Tyson Phillips (Inactive) added a comment - 31/Jan/20 7:40 PM

We probably need to update the session handler for this (PDOHandler) and use a token to reference a single user across all sessions to find them easily, then update their expire date to be in the past so the sessions are expired.

One potential issue is the SessionHandlerInterface that is being used does not provide a way to fetch any other session user's info, so we would need a way to do that. TBD

Show

Tyson Phillips (Inactive) added a comment - 31/Jan/20 7:40 PM We probably need to update the session handler for this (PDOHandler) and use a token to reference a single user across all sessions to find them easily, then update their expire date to be in the past so the sessions are expired. One potential issue is the SessionHandlerInterface that is being used does not provide a way to fetch any other session user's info, so we would need a way to do that. TBD

Tyson Phillips (Inactive) made changes - 31/Jan/20 7:40 PM

Sprint

4.9.0 Sprint 2, 4.9.0 Sprint 3 [ 99, 101 ]

4.9.0 Sprint 2 [ 99 ]

Tyson Phillips (Inactive) made changes - 31/Jan/20 7:40 PM

Rank

Ranked lower

Tyson Phillips (Inactive) made changes - 31/Jan/20 7:40 PM

Time Spent	49 minutes [ 2940 ]	2 hours, 11 minutes [ 7860 ]
Worklog Id	13157 [ 13157 ]

Tyson Phillips (Inactive) made changes - 31/Jan/20 7:41 PM

Fix Version/s

Short Term [ 10800 ]

Tyson Phillips (Inactive) made changes - 31/Jan/20 7:41 PM

Fix Version/s

4.9.0-b1 [ 11301 ]

Tyson Phillips (Inactive) made changes - 31/Jan/20 7:42 PM

Status

In Progress [ 3 ]

Open [ 1 ]

People

Assignee:

Tyson Phillips (Inactive)

Reporter:

Cody Phillips (Inactive)

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

08/Dec/14 4:14 PM

Updated:

31/Jan/20 7:42 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

2h 11m

Agile

Completed Sprint:

4.9.0 Sprint 2 ended 23/Jan/20
View on Board