How to expire a ClientStorageService session
Simon Lundström
simlu at su.se
Thu May 26 07:09:14 EDT 2016
Hey!
Sometimes we have the need to expire an IDP session, say when people
give away their password to a malicious user (via phishing or other
means) which uses that to login into multiple SPs via our IDP.
After we've changed the password the IDP session is still valid. Is it
possible to expire a specific session ID caught on the IDP logs?
(I know that having a low session timeout/lifetime would help here but
that's not acceptable as a solution, good of the many etc)
BR,
- Simon
____________________________________
Simon Lundström
Section for Infrastructure
IT Services
Stockholm University
SE-106 91 Stockholm, Sweden
www.su.se/english/staff-info/it
More information about the users
mailing list