Uploaded image for project: 'Crowd'
  1. Crowd
  2. CWD-5652

Expire all current user sessions



    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.


      Problem Definition

      If a Crowd Administrator needs to forcefully drop all active users for any specific reason (due to password policy changes, security breaches etc), currently there is no one-click solution.

      The ability to drop a specific User session currently exists on the Current sessions menu as the Expire button:

      However, dropping all active user sessions can take time and effort if multiple users are currently logged in (eg. 200-300 sessions), as the Admin will have to click on the Expire button once for every active session.

      Suggested Solution

      Create a new button to Expire all sessions on the Current Sessions menu that will essentially target all listed sessions and bulk-drop them. It would be a good idea to require a confirmation to avoid any misclicks.

      Having this button aligned with the Expire buttons for individual users on the vertical axis and horizontally with the Filter boxes (Name, Directory, Results per page) would be intuitively be a good place for it.


      Crowd Administrators can write a script to execute this function via REST API calls.

      1. Fetch all active session hashes:
        curl --silent -u ${ADMIN_USERNAME}:${ADMIN_PASS} -XGET ${CROWD_BASE_URL}/rest/admin/latest/sessions/user\?limit\=-1 | jq '.values[].randomHash' | sed 's/\"//g
      2. Iterate over each line and for each ${hash} invoke:
        curl -u ${ADMIN_USERNAME}:${ADMIN_PASS} -XDELETE ${CROWD_BASE_URL}/rest/admin/latest/sessions/${hash}




            Unassigned Unassigned
            tpallaro@atlassian.com Thiago Pallaro
            2 Vote for this issue
            4 Start watching this issue