This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Event-Based Session Termination
When a user's password is reset or a user is deleted, all the existing active sessions associated with the user must be invalidated or terminated in order to ensure the safety of the application. This topic guides you through enabling session termination. When it is enabled, user sessions are terminated when the following events occur:
- Update user credentials
- Delete user
- Lock user account
- Disable user account
To use this feature, apply the 3685 WUM update for WSO2 IS 5.7.0 using the WSO2 Update Manager (WUM).
To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. This feature is enabled by default from WSO2 IS 5.8.0 onwards. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide.
Follow the steps given below to enable this functionality.
Add the following configuration to the
identity.xml
file located in the<IS_HOME>/repository/conf/identity
folder within the<SessionDataPersist>
tag.<JDBCPersistenceManager> ..... <SessionDataPersist> ..... <UserSessionMapping> <Enable>true</Enable> </UserSessionMapping> </SessionDataPersist> </JDBCPersistenceManager>
Create the following new tables in the database using the appropriate query.