36 lines
1.6 KiB
Text
36 lines
1.6 KiB
Text
|
|
=== Administering Sessions
|
|
|
|
If you go to the `Sessions` left menu item you can see a top level view of the number of sessions that are currently active in the realm.
|
|
|
|
.Sessions
|
|
image:{project_images}/sessions.png[]
|
|
|
|
A list of clients is given and how many active sessions there currently are for that client. You can also log out all
|
|
users in the realm by clicking the `Logout all` button on the right side of this list.
|
|
|
|
==== Limitations of the `Logout all` Operation
|
|
|
|
Any SSO cookies set will now be invalid and clients that request authentication in active browser sessions will now have to
|
|
re-login. Only certain clients are notified of this logout event, specifically clients that are using the {project_name}
|
|
OIDC client adapter. Other client types, such as SAML, will not receive a backchannel logout request.
|
|
|
|
It is important to note that any outstanding access tokens are not revoked by clicking `Logout all`. They have to
|
|
expire naturally. You have to push a <<_revocation-policy, revocation policy>> out to
|
|
clients, but that also only works with clients using the {project_name} OIDC client adapter.
|
|
|
|
==== Application Drilldown
|
|
|
|
On the `Sessions` page, you can also drill down to each client. This will bring you to the `Sessions` tab of that client.
|
|
Clicking on the `Show Sessions` button there allows you to see which users are logged into that application.
|
|
|
|
.Application Sessions
|
|
image:{project_images}/application-sessions.png[]
|
|
|
|
==== User Drilldown
|
|
|
|
If you go to the `Sessions` tab of an individual user, you can also view the session information.
|
|
|
|
.User Sessions
|
|
image:{project_images}/user-sessions.png[]
|
|
|