Issue with session user management

Support
,
#1

In the audit menu, session management. I have a list of logged users.

When I want to kick an user from the app, I select the session and click on the button “Invalidate”, this cause an error on the user on the next request of the user that have been kicked that says: Invalid JSON response from server: This session has been expired (possibly due to multiple concurrent logins being attempted as the same user) and don’t redirect to the login, only redirect to the login on second request or if the user do an F5 to update the page.

How I can manage this error to not show any message and redirect directly to the login?

I appreciate any helps. Thanks

#3

Hello!

I have reproduced this behavior, and it seems that the VaadinSession is not notified about the session invalidation after userSessions.invalidate() . This may be the reason for the system notification with an error message that cannot be hidden by the custom system messages provider.

I created a GitHib issue: Users are not automatically redirected to the login page when sessions are invalidated via UserSessionsView · Issue #4977 · jmix-framework/jmix · GitHub

As workaround you can override the UserSessionsView and onSessionsTableExpire().

ExtUserSessionsView.java 
@Route(value = "audit/usersessions", layout = DefaultMainViewParent.class)
@ViewController(id = "userSession.view")
@ViewDescriptor(path = "ext-user-sessions-view.xml")
public class ExtUserSessionsView extends UserSessionsView {

    @Autowired
    private SessionHolder sessionHolder;

    @Override
    protected void onSessionsTableExpire(ActionPerformedEvent event) {
//        super.onSessionsTableExpire(event);

        // Workaround
        if (sessionsTable.getSelectedItems().isEmpty()) {
            notifications.create(messages.getMessage(UserSessionsView.class, "needSelectSession"))
                    .withType(Notifications.Type.WARNING)
                    .show();
        } else {
            for (UserSession session : sessionsTable.getSelectedItems()) {
                userSessions.invalidate(session);

                UserDetails userDetails = (UserDetails) session.getPrincipal();
                Map<String, List<VaadinSession>> userSessionsMap = sessionHolder.getActiveSessionsForUsernames(List.of(userDetails.getUsername()));

                List<VaadinSession> vaadinSessions = userSessionsMap.get(userDetails.getUsername());
                for (VaadinSession vaadinSession : vaadinSessions) {
                    if (Objects.equals(vaadinSession.getSession().getId(), session.getSessionId())) {
                        // Lock to close?
                        // vaadinSession.close();
                        vaadinSession.getSession().invalidate();
                        break;
                    }
                }

                notifications.create(messages.formatMessage(UserSessionsView.class, "sessionInvalidated", session.getSessionId()))
                        .withType(Notifications.Type.DEFAULT)
                        .show();
                refreshDlItems();
            }
        }
    }

Demo project with the workaround: session-invalidation.zip (195.9 KB)