CommunityForgeAssets listConcurrent User session
concurrent-user-session
Service icon

Concurrent User session

Stable version 1.0.0 (Compatible with OutSystems 11)
Uploaded
 on 22 Jun (10 days ago)
 by 
0.0
 (0 ratings)
concurrent-user-session

Concurrent User session

Documentation
1.0.0


📘 Concurrent User Session Management Service – Technical Documentation

Overview

This service-type application is designed to enforce single-session control per user across an enterprise-grade web or mobile system. It offers centralized, modular actions to ensure that session activity is secured, validated, and periodically cleaned up, improving both performance and security posture.

Functional Objectives

  • Restrict users to a single active session at a time.
  • Prevent unauthorized or parallel logins.
  • Automatically manage and validate session integrity on every user interaction.
  • Perform scheduled cleanup of expired or idle sessions.

Service Actions

1. 🔐 ServiceCheckAndCreateSession

Description:
Executes during the login process to check whether a valid session already exists.

Workflow:

  • Queries session store using UserID.
  • If active session found:
    • Block login or notify user (based on your business logic).
  • If not found:
    • Creates a new session entry (with timestamp, token, device metadata).

Usage:
Called post-authentication, pre-login completion.

2. ✅ ServiceValidateSession

Description:
Runs on every page load or API call to ensure the current session is valid.

Workflow:

  • Extracts session token/user ID from request.
  • Validates:
    • Session exists.
    • Session is not expired or revoked.
  • If invalid:
    • Redirect or reject the request.

Usage:
Integrate as middleware in APIs or layout block in UI pages.

3. 🚪 ServiceLogoutAndClearSession

Description:
Handles session invalidation and cleanup during user logout.

Workflow:

  • Locates user session entry.
  • Deletes or marks session as expired.
  • Logs the logout time for audit trail.

Usage:
Called on logout button click or timeout trigger.

4. 🧹 DeleteLoginDetails (Timer Action)

Description:
A scheduled background task that cleans up inactive or expired sessions.

Workflow:

  • Runs every 5 minutes.
  • Scans session records based on last activity timestamp.
  • Deletes sessions inactive beyond the configured threshold (e.g., 20 mins).

Usage:
Configured as a recurring timer to auto-manage stale sessions and keep session storage optimized.