How to expire a ClientStorageService session
simlu at su.se
Thu May 26 07:09:14 EDT 2016
Sometimes we have the need to expire an IDP session, say when people
give away their password to a malicious user (via phishing or other
means) which uses that to login into multiple SPs via our IDP.
After we've changed the password the IDP session is still valid. Is it
possible to expire a specific session ID caught on the IDP logs?
(I know that having a low session timeout/lifetime would help here but
that's not acceptable as a solution, good of the many etc)
Section for Infrastructure
SE-106 91 Stockholm, Sweden
More information about the users