OpenStack Dashboard (Horizon)

Handle multiple login sessions from same user in Horizon

Registered by Arthur Luz de Ávila

Summary
=======
When a given user login in Horizon from multiples device/browser with same credential the admin of the system
should choose whether is better invalidate the active sessions from previous device/browser that still logged and keep as a valid session only the currently one or keep users able to multiples device/browser with same credential.

Motivation
========
Horizon's backend currently does not handle multiple sessions, it simply creates a new session key for each successfully authenticated session. If the user login into Horizon from multiples devices or browsers, a new valid session key will be created per session. In order to have more control over the user's login, the admin should have the option to make the backend invalidate the last session as soon as the user login in a new one or not.

Description
=========
In order to handle this simultaneous sessions using the same credentials, it's necessary to have an option for the admin choose to enable or disable the backend checking the auth key of the user and make sure that the same user is not logged in another device and whether the user is invalidate the previous session from the last device/browser the user was logged.
With this option the admin can choose the better option to the project needs.

A good way to give this option to the admin is creating a simultaneous sessions middleware that will handle the strategy to allow or not the
simultaneous login. This middleware will act according to the parameter on settings.py.

e.g:
HORIZON_CONFIG = {
    'user_home': 'openstack_dashboard.views.get_user_home',
    'simultaneous_sessions': 'allow',
    ...

Using this idea, the admin can change the parameter 'allow' to simultaneous_sessions when is valid have more than one session or
'disconnect' when is better invalid multiple sessions.

UX
===
The UX will have a change on behave as every time the user login in a different device/browser and
whether another device/browser are logged with the same credential it will be logout the last device/browser that
were logged and it will be just keep one device/browser with the credential

Blueprint information

Status:
Complete
Approver:
Vishal Manchanda
Priority:
Undefined
Drafter:
Arthur Luz de Ávila
Direction:
Approved
Assignee:
Thales Elero Cervi
Definition:
New
Series goal:
None
Implementation:
Implemented
Milestone target:
None
Started by
Thales Elero Cervi
Completed by
Thales Elero Cervi

Related branches

Sprints

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.