selectively inhibit previous session
Jim Fox
fox at washington.edu
Thu May 21 21:30:28 UTC 2020
>> How can I inhibit the previous session handler based on the user's login
>> id? (This would be, say, to prevent reuse of a session from a stolen
>> password login.)
>
> The design is built around not worrying about the session, it doesn't matter. What you want to inhibit is the authentication results from being reused, and all of them have a reuseCondition attached to control that now.
>
My problem is that I want a Password flow to run and be successful. Can I detect in my mfa script which flow established the session?
Jim
More information about the users
mailing list