I have a superadmin user in my system, and this user should be able to close all open session or select from users who are logged, which session to log out. There is a way of doing this without adding a new column to the AspNetUsers??
Asked
Active
Viewed 1,443 times
3
-
What do you mean, "close the session"? Do you mean to log out the users? – John Saunders Apr 28 '15 at 15:31
-
yes, that's what I mean John Saunders – Luis Lopez Apr 28 '15 at 15:38
-
I think it is a duplicate with this [how-can-i-force-a-log-out-of-all-users-for-a-website](http://stackoverflow.com/questions/5488547/how-can-i-force-a-log-out-of-all-users-for-a-website) – Daniele Apr 28 '15 at 15:43
-
1I wouldn't consider this a duplicate since it is using OWIN middleware instead of forms authentication. – Jeremy Cook Apr 28 '15 at 17:33
1 Answers
3
If you are using OWIN authentication middleware, you can update security stamp for users to log them out. Here is documentation: https://msdn.microsoft.com/en-us/library/dn497579%28v=vs.108%29.aspx. But users won't be logged out immediately, because security stamp is checked at specific period of time. This interval is controlled by validateInterval parameter in authentication configuration (probably in Startup.cs). If you set validateInterval to zero, security stamp is checked on every request.
ranquild
- 1,799
- 1
- 16
- 25
-
I think you can update security stamp for all users without a problem. Users that are not logged in will be unaffected by this. – ranquild Apr 30 '15 at 15:28