selectively inhibit previous session

Jim Fox fox at
Thu May 21 21:30:28 UTC 2020

>> How can I inhibit the previous session handler based on the user's login
>> id?  (This would be, say, to prevent reuse of a session from a stolen
>> password login.)
> The design is built around not worrying about the session, it doesn't matter. What you want to inhibit is the authentication results from being reused, and all of them have a reuseCondition attached to control that now.

My problem is that I want a Password flow to run and be successful.  Can I detect in my mfa script which flow established the session?


More information about the users mailing list