I am trying to figure out how to use .NET Core Identity authentication with cookies and sessions. I want to be able to view currently logged-in users/devices and revoke their sessions if necessary.

When doing services.ConfigureApplicationCookie() there is an option to specify a session store instead of keeping the user's login information/claims in a cookie. Can or should this session store be used for tracking users and logging them out? Or is this just supposed to be used for making the cookie size smaller?

I only need my session for authentication purposes (for a REST web API). I'm not sure if I need to separately use services.AddSession() and manually set session data when logging in and out - it seems the implementations I found for a RedisCacheTicketStore correctly add a cache entry on login and remove it on logout when I call signInManager.PasswordSignInAsync() and signInManager.SignOutAsync().

But I notice in those implementations the entry key is a randomly created GUID (similar to this implementation for a memory cache ticket store) - which means I would need to add something identifiable to the key like the user's ID to make it searchable or store that key again somewhere else?

I don't really want to use JWTs or IdentityServer / OpenID etc. if at all possible.

0 Answers
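An added example, not part of the original post or of any project's code: an ITicketStore whose keys are prefixed with the user ID, so that a user's sessions can be listed and revoked server-side. The class name UserIndexedTicketStore, the SessionsFor and RevokeAll helpers, and the in-memory dictionary standing in for Redis are assumptions; it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

// Hypothetical class; the dictionary stands in for Redis (which would also set a TTL).
// Register: services.ConfigureApplicationCookie(o => o.SessionStore = store);
public sealed class UserIndexedTicketStore : ITicketStore
{
    private readonly ConcurrentDictionary<string, AuthenticationTicket> _tickets = new();

    public Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        // Identity stores the user ID in the NameIdentifier claim by default.
        var userId = ticket.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value
            ?? throw new InvalidOperationException("Ticket has no user ID claim.");
        // "<userId>:<GUID>" stays unguessable but can be listed per user.
        // Assumes user IDs contain no ':' (true for Identity's default GUID IDs).
        var key = $"{userId}:{Guid.NewGuid():N}";
        _tickets[key] = ticket;
        return Task.FromResult(key);
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        // Update only if still present, so a revoked session is not resurrected.
        if (_tickets.TryGetValue(key, out var old)) _tickets.TryUpdate(key, ticket, old);
        return Task.CompletedTask;
    }

    // A missing entry returns null, which makes the cookie handler fail authentication.
    public Task<AuthenticationTicket?> RetrieveAsync(string key) =>
        Task.FromResult(_tickets.TryGetValue(key, out var t) ? t : null);

    public Task RemoveAsync(string key) { _tickets.TryRemove(key, out _); return Task.CompletedTask; }

    // Session keys (one per logged-in device) for a user.
    public string[] SessionsFor(string userId) =>
        _tickets.Keys.Where(k => k.StartsWith(userId + ":", StringComparison.Ordinal)).ToArray();

    // Revoke every session of a user; returns how many were removed.
    public int RevokeAll(string userId) =>
        SessionsFor(userId).Count(k => _tickets.TryRemove(k, out _));
}
```

With a session store configured, the cookie carries only the session key, so removing the entry ends that session on the next request regardless of the cookie's own lifetime.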