What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Team , Is there any documentation to implement logout from all devices in Spryker or any modules ava

U03KHDBS1CN
U03KHDBS1CN Posts: 36 πŸ§‘πŸ»β€πŸš€ - Cadet
in Slack General

Team , Is there any documentation to implement logout from all devices in Spryker or any modules available?

Comments

  • Alberto Reyer
    Alberto Reyer Lead Spryker Solution Architect / Technical Director Posts: 690 πŸͺ - Explorer

    No documentation, but for Yves it's hard, you would need to go through all sessions in the session storage and drop those for the customer you want to do it. Logout of all customers in Yves is pretty easy, just empty the session storage.

    For Glue it's easier, just drop the refresh tokens for the customer (spy_oauth_refresh_token) you want to logout and wait until the access token has expired (that's why it is a good idea to have a short lifetime for access tokens).
    An instant logout for Glue is not that easy and would require to check every Access token if it is still in the database which has a high performance impact and I would strongly advice against.

  • U03KHDBS1CN
    U03KHDBS1CN Posts: 36 πŸ§‘πŸ»β€πŸš€ - Cadet

    Session storage for Yves is redis I believe and clearing up all redis sessions for specific user wil logout from all devices right? hope Spryker/Security is the module to look at?

  • Alberto Reyer
    Alberto Reyer Lead Spryker Solution Architect / Technical Director Posts: 690 πŸͺ - Explorer

    Depends, but by default the Yves sessions are stored in redis, yes.

    To my knowledge there is no implementation yet to delete all sessions for a specific customer, as this would require to iterate through all session in the session storage, which is an expensive operation, depending on how many sessions are in the session storage.

  • U03KHDBS1CN
    U03KHDBS1CN Posts: 36 πŸ§‘πŸ»β€πŸš€ - Cadet

    Okay thank you for the information @UL6DGRULR

  • U03KHDBS1CN
    U03KHDBS1CN Posts: 36 πŸ§‘πŸ»β€πŸš€ - Cadet

    @UL6DGRULR can yon brief on the expensive operation for clearing session storage in Redis? its just identifying and clearing specific customer redis sessions right? or that needs any detailed approach

  • U031G802S74
    U031G802S74 Posts: 29 πŸ§‘πŸ»β€πŸš€ - Cadet

    maybe you can store the redis key in a database table on session creation combined with the email as second column so you have a reference which sessions are connected to which user.

  • U03KHDBS1CN
    U03KHDBS1CN Posts: 36 πŸ§‘πŸ»β€πŸš€ - Cadet

    understood. Thank you @U031G802S74

Categories