Handle multiple login sessions from same user in Horizon
Summary
=======
When a user logs in to Horizon from multiple devices or browsers with the same credentials, the system admin
should be able to choose whether to invalidate the sessions still active on the previous devices/browsers and keep only the current one as valid, or to let users stay logged in from multiple devices/browsers with the same credentials.
Motivation
========
Horizon's backend currently does not handle multiple sessions; it simply creates a new session key for each successfully authenticated session. If the user logs in to Horizon from multiple devices or browsers, a new valid session key is created per session. To give more control over user logins, the admin should have the option to make the backend invalidate the previous session as soon as the user logs in to a new one, or not.
Description
=========
To handle these simultaneous sessions using the same credentials, the admin needs an option to enable or disable a backend check of the user's auth key that makes sure the same user is not logged in on another device and, if the user is, invalidates the previous session from the last device/browser the user was logged in on.
With this option the admin can choose whichever behavior best fits the project's needs.
A good way to give the admin this option is to create a simultaneous sessions middleware that handles the strategy of allowing or disallowing
simultaneous logins. This middleware acts according to a parameter in settings.py.
e.g.:
HORIZON_CONFIG = {
'user_home': 'openstack_
'simultaneo
...
Using this idea, the admin can change the parameter 'allow' to simultaneous_
'disconnect' when it is better to invalidate multiple sessions.
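An added sketch of the strategy the proposed middleware would apply (not Horizon's code and not part of the blueprint): a framework-free Python model in which `SessionStore`, `login`, `check_request` and the sample users are hypothetical names, and only the values 'allow' and 'disconnect' come from the text above.

```python
import secrets

ALLOW, DISCONNECT = "allow", "disconnect"  # the two values named in the blueprint


class SessionStore:
    """In-memory stand-in for the session backend (hypothetical, not Horizon's)."""

    def __init__(self, policy=ALLOW):
        if policy not in (ALLOW, DISCONNECT):
            # Fail closed on a typo in the setting instead of silently allowing.
            raise ValueError(f"unknown simultaneous-session policy: {policy!r}")
        self.policy = policy
        self._sessions = {}  # session key -> user id

    def login(self, user_id):
        """Issue a fresh session key after a successful authentication."""
        if self.policy == DISCONNECT:
            # Drop every older session of this user on the server side, so a
            # key still held by the previous device/browser stops working.
            for key in [k for k, u in self._sessions.items() if u == user_id]:
                del self._sessions[key]
        key = secrets.token_urlsafe(32)
        self._sessions[key] = user_id
        return key

    def check_request(self, key):
        """Per-request check a middleware would run: user id, or None if invalid."""
        return self._sessions.get(key)

    def active_sessions(self, user_id):
        return sum(1 for u in self._sessions.values() if u == user_id)


def demo(policy):
    """Two logins by the same user plus one by another (constructed sample)."""
    store = SessionStore(policy)
    laptop = store.login("alice")
    phone = store.login("alice")
    other = store.login("bob")
    return {
        "laptop_valid": store.check_request(laptop) == "alice",
        "phone_valid": store.check_request(phone) == "alice",
        "bob_valid": store.check_request(other) == "bob",
        "alice_sessions": store.active_sessions("alice"),
    }


if __name__ == "__main__":
    for policy in (ALLOW, DISCONNECT):
        print(policy, demo(policy))
```

The invalidation happens at login time on the server, so the older browser is only told about it on its next request, when its key no longer resolves to a user.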
UX
===
The UX will change in behavior: every time the user logs in on a different device/browser while
another device/browser is logged in with the same credentials, the previously logged-in device/browser
will be logged out, and only one device/browser will stay logged in with those credentials.
Blueprint information
- Status: Complete
- Approver: Vishal Manchanda
- Priority: Undefined
- Drafter: Arthur Luz de Ávila
- Direction: Approved
- Assignee: Thales Elero Cervi
- Definition: New
- Series goal: None
- Implementation: Implemented
- Milestone target: None
- Started by: Thales Elero Cervi
- Completed by: Thales Elero Cervi