You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Maarten Abbink <ma...@abbink.me> on 2016/07/10 14:35:34 UTC
Expiring all Sessions and RememberMe cookies
Hi everyone,
I was reading the source code of the DefaultWebSecurityManager,
ServletContainerSessionManager and CookieRememberMeManager looking for a
way to expire all existing Sessions and RememberMe cookies for a given
user. The use case would be for a feature like Gmail's "log me out
everywhere" option.
Does Shiro have such a feature already, or would I have to write my own
SessionManager and RememberMeManager that compare the SessionID/RememberMe
cookie to a revocation list upon every request?
Thanks in advance for your help
Re: Expiring all Sessions and RememberMe cookies
Posted by Brian Demers <br...@gmail.com>.
Take a look at this thread:
http://shiro-user.582556.n2.nabble.com/log-out-all-subjects-td7001172.html
On Sun, Jul 10, 2016 at 10:35 AM, Maarten Abbink <ma...@abbink.me>
wrote:
> Hi everyone,
>
> I was reading the source code of the DefaultWebSecurityManager,
> ServletContainerSessionManager and CookieRememberMeManager looking for a
> way to expire all existing Sessions and RememberMe cookies for a given
> user. The use case would be for a feature like Gmail's "log me out
> everywhere" option.
>
> Does Shiro have such a feature already, or would I have to write my own
> SessionManager and RememberMeManager that compare the SessionID/RememberMe
> cookie to a revocation list upon every request?
>
> Thanks in advance for your help
>