[IdP] Old active user sessions

Forge Component
(43)
Published on 5 Jun by Leonardo Fernandes
43 votes
Published on 5 Jun by Leonardo Fernandes

On the IdP User Sessions page I see a lot of old active user sessions. Th eoldest one is 10 days ago. Do I need to worry about this or should I configure an idle timeout somewhere in IdP?

My configuration is done again Azure Active Directory by the way.

Ideally, you should not worry Raymond. However it's recommended to have a timeout in certain type of services e.g. financials app.

Hello, similar "problem" here.... some users have around 150 active sessions going 3 months back... is there an "end session" we are missing somewere? Thanks!


There are individual "kill" session option, but it is manual activity. 

yes, ive done that for now... but its strange new sessions don't kill/close old ones. We started expierencing some issues of people not able to connect to /idp/ but not sure its a problem with the session...

Diego Barrantes wrote:

yes, ive done that for now... but its strange new sessions don't kill/close old ones. We started expierencing some issues of people not able to connect to /idp/ but not sure its a problem with the session...

You can create an extra logic to kill the session after an X period of time or after detecting a new session to the same user


Indeed, basis Username, you may kill the MessageID; but this requires custom development. 

By the way, think about implementing the Logout flow, if not already :)