Posted to user@shiro.apache.org by Maarten Abbink <ma...@abbink.me> on 2016/07/10 14:35:34 UTC

Expiring all Sessions and RememberMe cookies

Hi everyone,

I was reading the source code of the DefaultWebSecurityManager,
ServletContainerSessionManager and CookieRememberMeManager looking for a
way to expire all existing Sessions and RememberMe cookies for a given
user. The use case would be for a feature like Gmail's "log me out
everywhere" option.

Does Shiro have such a feature already, or would I have to write my own
SessionManager and RememberMeManager that compare the SessionID/RememberMe
cookie to a revocation list upon every request?

Thanks in advance for your help

Re: Expiring all Sessions and RememberMe cookies

Posted by Brian Demers <br...@gmail.com>.
Take a look at this thread:
http://shiro-user.582556.n2.nabble.com/log-out-all-subjects-td7001172.html

On Sun, Jul 10, 2016 at 10:35 AM, Maarten Abbink <ma...@abbink.me>
wrote:

> Hi everyone,
>
> I was reading the source code of the DefaultWebSecurityManager,
> ServletContainerSessionManager and CookieRememberMeManager looking for a
> way to expire all existing Sessions and RememberMe cookies for a given
> user. The use case would be for a feature like Gmail's "log me out
> everywhere" option.
>
> Does Shiro have such a feature already, or would I have to write my own
> SessionManager and RememberMeManager that compare the SessionID/RememberMe
> cookie to a revocation list upon every request?
>
> Thanks in advance for your help
>