Expire all current user sessions

Problem Definition

If a Crowd Administrator needs to forcefully drop all active users for any specific reason (due to password policy changes, security breaches etc), currently there is no one-click solution.

The ability to drop a specific User session currently exists on the Current sessions menu as the Expire button:

However, dropping all active user sessions can take time and effort if multiple users are currently logged in (eg. 200-300 sessions), as the Admin will have to click on the Expire button once for every active session.

Suggested Solution

Create a new button to Expire all sessions on the Current Sessions menu that will essentially target all listed sessions and bulk-drop them. It would be a good idea to require a confirmation to avoid any misclicks.

Having this button aligned with the Expire buttons for individual users on the vertical axis and horizontally with the Filter boxes (Name, Directory, Results per page) would be intuitively be a good place for it.

Workaround

Crowd Administrators can write a script to execute this function via REST API calls.

1. Fetch all active session hashes:

   curl --silent -u ${ADMIN_USERNAME}:${ADMIN_PASS} -XGET ${CROWD_BASE_URL}/rest/admin/latest/sessions/user\?limit\=-1 | jq '.values[].randomHash' | sed 's/\"//g
   

2. Iterate over each line and for each ${hash} invoke:

   curl -u ${ADMIN_USERNAME}:${ADMIN_PASS} -XDELETE ${CROWD_BASE_URL}/rest/admin/latest/sessions/${hash}