DuendeSoftware / Support

Support for Duende Software products

Prevent concurrent sessions and end all current user sessions #1252

Closed daver77 closed 3 months ago

daver77 commented 3 months ago

Hi, we currently have an Enterprise setup with an Id server and ASP.NET Identity authentication rolled into one. We have a 'requirement' that we should not allow concurrent logins for a single user and also end all of a user's sessions when they reset their password.

As far as I can see I firstly need to enable Server-Side Sessions, which I presume will allow me to check for an existing session on login. Using Server-Side Sessions, is it possible to revoke all sessions for a user, therefore forcibly logging them out of all websites?

josephdecock commented 3 months ago

Yes, you can revoke server side sessions using the ISessionManagementService.RevokeSessionsAsync method. See docs here. You can use the same service to query if a session exists during the login process. You probably want to use a custom AuthorizeInteractionResponseGenerator to control the authorization experience.
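
An added sketch of the two calls discussed above (not code from this thread or from Duende): a helper that checks for an existing session at login and ends every session after a password reset. `SingleSessionPolicy` is a hypothetical name; the example assumes server-side sessions are enabled with `AddServerSideSessions()` and that `ISessionManagementService` exposes `QuerySessionsAsync(SessionQuery)` and `RemoveSessionsAsync(RemoveSessionsContext)`, so check the member names against the IdentityServer version you run.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Duende.IdentityServer.Services;
using Duende.IdentityServer.Stores;

// Hypothetical helper: the class and method names are this example's, not Duende's.
// Register it in DI next to AddIdentityServer().AddServerSideSessions().
public class SingleSessionPolicy
{
    private readonly ISessionManagementService _sessions;

    public SingleSessionPolicy(ISessionManagementService sessions) => _sessions = sessions;

    // Call on the login page after the password is verified and before the
    // new cookie is issued, then deny the login or end the old sessions.
    public async Task<bool> HasActiveSessionAsync(string subjectId)
    {
        var result = await _sessions.QuerySessionsAsync(new SessionQuery
        {
            SubjectId = subjectId
        });

        // Compare exactly: this example does not assume the store's filter
        // is an exact match on the subject id.
        return result.Results.Any(s => s.SubjectId == subjectId);
    }

    // Call after a successful password reset (or before a new login when the
    // policy is "newest session wins").
    public Task EndAllSessionsAsync(string subjectId) =>
        _sessions.RemoveSessionsAsync(new RemoveSessionsContext
        {
            SubjectId = subjectId,
            // Delete the server-side session records, so the IdentityServer
            // cookie no longer maps to a session.
            RemoveServerSideSession = true,
            // Revoke refresh tokens and reference tokens. Self-contained JWT
            // access tokens already issued stay valid until they expire.
            RevokeTokens = true,
            // Ask clients that registered a back-channel logout URI to drop
            // their own local cookies.
            SendBackchannelLogoutNotification = true,
            // Consent is not a session artifact; keep it.
            RevokeConsents = false
        });
}
```

Client applications only lose their own cookies if they implement back-channel logout, so keep access token lifetimes short if a password reset has to take effect quickly.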

RolandGuijt commented 3 months ago

@daver77 Did Joe's comment solve the issue for you? If so I'd like to close.

daver77 commented 3 months ago

@RolandGuijt not tried it yet but happy to close it

RolandGuijt commented 3 months ago

Ok. Feel free to reopen if you encounter issues.