Invalidating active user sessions
Invalidating user sessions through the Bamboo web interface
To invalidate a user's all active sessions through the Bamboo web interface:
- From the top navigation bar, selectAdministration> User management.
- From the list on the Users page, select the user whose sessions you'd like to invalidate.
- In the top-right corner of the User details page, select Invalidate sessions.
- In the confirmation dialog, select Confirm.
Invalidating user sessions through the Bamboo REST API
To invalidate a user's all active sessions through the Bamboo REST API, call the following endpoint as an Administrator:
DELETE /rest/admin/latest/session/{username}
Replace {username}
with the username of the account whose sessions you want to invalidate.
Invalidating persistent sessions
If you've enabled session persistence across Bamboo server restarts, sessions started before a restart can't be invalidated using any of the methods described on this page. In case you need to invalidate persistent sessions (potentially for security reasons), you can do so by deleting the file that stores session data and manually removing the rememberme
token from the database.
To invalidate persistent sessions:
- Bamboo をシャットダウンします。
- Check the following directories for the
SESSIONS.ser
file and delete it from there:$CATALINA_BASE/work/<ENGINE_NAME>/<HOSTNAME>/<APP_NAME>
$CATALINA_BASE/work/Catalina/localhost/ROOT
- Filter the
rememberme_token
table in your database by the name of the user whose sessions you want to invalidate and delete allrememberme
tokens associated with them.