What does the session manager module do?
The session manager module allows members to manage (see active and revoke) login sessions across devices used to access the CMS. Each login to a member's account is tracked and can be managed from their profile page.
How to use it
Silverstripe CMS Session Manager is installed by default.
When logging in with Keep me signed in for 30 days" checked, a session will remain active on that device for the full 30 days unless it is terminated prior to that allocated timeframe. Without this option checked, a session will only last for the duration of your browser session.
Viewing login sessions
In order to view login sessions once logged in, navigate to your profile by clicking on your name in the left hand CMS menu. Every valid and currently active login session will be listed under Login sessions.
There is various data associated with every login session that can be used to identify the device that is logged in.
- Operating system
- IP address
- Last active time
- Sign-in time
To remove access for a session associated with a device, click the Log out link next to the session you want to remove. This session will be immediately removed and anyone viewing the CMS using this session will need to log back in.
Administrators can also revoke all active sessions for all users by triggering the
dev/tasks/InvalidateAllSessions task either in the browser or via the CLI. Note that this will also revoke the session of the user activating the task, so if this is triggered via the browser, that user will need to log back in to perform further actions.