We currently track the SP sessions in the IdP user session. We should separate this. If we did something like used the database to track SP sessions, it would allow us to not lose details on SP sessions if a user session is destroyed for whatever reason.
In addition, this would also be very useful for administrative logout purposes. We could easily get details on all logged in SPs for a particular user from the database to build UI.
While addressing this ticket, we should also look at automatically purging expired sessions from the database.
Initial Design: https://fedorahosted.org/ipsilon/wiki/Designs/SAML%20SP%20Sessions
Fields changed
design_link: => https://fedorahosted.org/ipsilon/wiki/Designs/SAML%20SP%20Sessions
milestone: => 1.0
milestone: 1.0 m4 => 1.0
owner: => rcritten status: new => accepted
patch_available: 0 => 1
Merged as per 8445b32
resolution: => fixed status: accepted => closed
rhbz: => 0
Metadata Update from @nkinder: - Issue assigned to rcritten - Issue set to the milestone: 1.0
Log in to comment on this ticket.