How to expire a ClientStorageService session

Simon Lundström simlu at
Thu May 26 07:09:14 EDT 2016


Sometimes we have the need to expire an IDP session, say when people
give away their password to a malicious user (via phishing or other
means) which uses that to login into multiple SPs via our IDP.

After we've changed the password the IDP session is still valid. Is it
possible to expire a specific session ID caught on the IDP logs?

(I know that having a low session timeout/lifetime would help here but
that's not acceptable as a solution, good of the many etc)

- Simon


Simon Lundström
Section for Infrastructure

IT Services
Stockholm University
SE-106 91 Stockholm, Sweden

More information about the users mailing list