hey,
we want to logout all user’s sessions EXCEPT the current one but all existing getUserSession methods return always null. We like to do this after password change. The situation is a myaccount option while the user is already logged in…
We tried it on the authenticationManager where you have several methods for this. Als tried on the crossdc manager amd several others.
we need this currecnt usersessionmodel to match it with the list of usersessionmodels that represent all iser sessions. Because we can not identify the current session in this full list of usersessionmodels, all sessions of the user are now logout including current one. this way user that changes its password is also logout.
Why is it so difficult to get is current usersessionmodel, wich has a getId() what seems to represent the sessionid
hey, an update:
Managed to find a solution, that - in my oppinion - is a shortcoming of keycloak…
I find out that in the reset credential flow, the current session (current usersessionmodel) is only known in (or arround) step “choose user”. When you filled in you’re email address you receive a mail, but at that moment there is no way to find the current session id…
So what i did is adding an addional step after choose user, get the current sessionid and store it iin a Note (usersessionnote /authnote).
Then after changing the password i can retrieve this note and validate it with the list of all sessions (usersessionmodel list). and logout all except this current one.
Strange that you can find all user’s sessions, but not the current one without adding additional code…
But at least we have a solution.