Ramsai 8mo ago

Terminate all the active sessions at once.

Hi team, I have a user who has more than 20 sessions when I search the sessions that he has with https://zitadel.com/docs/apis/resources/session_service_v2/session-service-list-sessions. Do we have an option to terminate all the sessions at once instead of terminating the sessions one at a time with https://zitadel.com/docs/apis/resources/session_service_v2/session-service-delete-session? This termination at once would help us a lot. Thanks
17 Replies
fabienne 8mo ago
I believe at the moment we do not have a bulk terminate (terminate all user sessions). @livio @stebenz you might be able to add more information, in case I missed something.
shree_harsha 8mo ago
Firstly, is there a way to get all active sessions of the user, so that we can terminate active sessions one at a time? If not, there is no bulk option. In addition to that, for https://zitadel.com/docs/apis/resources/session_service_v2/session-service-list-sessions, the response for this request does not provide user agent info and expiration date for the hosted instance. If we have that expiration date, we can minimize calls by deciding, based on the expiration date, whether to ignore that particular session or not. Otherwise, irrespective of whether the session is active or not, we need to make the termination request for all sessions.
fabienne 8mo ago
From what I see in our API docs, the response should include the user agent and the expiration date. Is it empty?
Ramsai (OP) 8mo ago
Yes, this is the format of the response we are receiving:
{
  "id": "",
  "creationDate": "2024-12-18T06:04:18.983543Z",
  "changeDate": "2024-12-18T06:04:18.983543Z",
  "sequence": "4",
  "factors": {
    "user": {
      "verifiedAt": "2024-12-18T06:04:18.973849Z",
      "id": "",
      "loginName": "",
      "displayName": "",
      "organizationId": ""
    },
    "intent": {
      "verifiedAt": "2024-12-18T06:04:18.975776Z"
    }
  }
},
fabienne 8mo ago
OK, in that case it looks like a bug. Can you open an issue in the GitHub repository? It is easier to track there than in Discord.
shree_harsha 8mo ago
We will create a GitHub issue. To the earlier question, is there a way to get only active sessions of the user ID? In our case, we want our clients to have only two active sessions, as we have license-based subscriptions.
fabienne 8mo ago
From what I see in the docs, this is currently not possible. But let me loop in @stebenz and @livio, they might be able to help.
Unknown User 8mo ago
Message Not Public
shree_harsha 8mo ago
@stebenz We noticed that when using a hosted instance, the expiration and userAgent fields were missing from the response; for that we raised a Git issue (https://github.com/zitadel/zitadel/issues/9276). The active filter is essential for accurately tracking active sessions. Relying solely on expiration might lead to edge cases where terminated sessions are included in the latest fetched data, potentially missing out on truly active sessions. For example, if a system allows only five concurrent sessions, fetching the latest five sessions might return only terminated ones, while actual active sessions exist beyond that window. This could lead to unintended access issues. Having a dedicated active filter would be beneficial for many users, especially those implementing session-based access restrictions. This enhancement would add significant value.
Unknown User 8mo ago
Message Not Public
shree_harsha 8mo ago
What if the session is not terminated but expired? Will that then be listed in the session list API? I could see that expired ones are included in the response.
Unknown User 8mo ago
Message Not Public
shree_harsha 8mo ago
Yeah, got that. I just wanted to know whether you would be interested in implementing that enhancement. Why are you not including terminated ones? As an admin, I would like to look at the sessions of the client. For example, to keep track of unusual logging out patterns, etc.
Unknown User 8mo ago
Message Not Public
shree_harsha 8mo ago
ok sure
Unknown User 8mo ago
Message Not Public
shree_harsha 8mo ago
In my case (to get active sessions), what event_type would be ideal for us with the events API?