Sessions
Endpoints for managing active user sessions across devices.
GET /api/sessions
List active sessions with optional filtering.
Authentication: Required
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
| username | string | Filter by username |
Response:
```json
{
  "_links": {
    "self": { "href": "/api/sessions" }
  },
  "start": 0,
  "count": 2,
  "total": 2,
  "_embedded": {
    "inf:session": [
      {
        "id": "session-123",
        "tenant": "acme",
        "username": "admin",
        "parent": null,
        "active": true,
        "ip": "192.168.1.100",
        "host": null,
        "osName": "Windows",
        "osVersion": "10",
        "deviceType": null,
        "deviceVendor": null,
        "deviceModel": null,
        "browserName": "Chrome",
        "browserVersion": "120.0",
        "requests": 127,
        "data": {},
        "permissions": {},
        "user": {
          "username": "admin",
          "displayName": "Admin User",
          "email": "admin@example.com",
          "permissions": {}
        },
        "createdAt": "2024-02-09T08:00:00Z",
        "updatedAt": "2024-02-09T10:30:00Z",
        "lastAccessedAt": "2024-02-09T10:30:00Z",
        "expiresAt": "2024-02-09T18:00:00Z",
        "_links": {
          "self": { "href": "/api/sessions/session-123" }
        }
      }
    ]
  }
}
```
Notes:
- For manager tenant users, the `role` constraint is disabled to allow viewing all sessions
- Sessions include device/browser fingerprinting for security tracking
GET /api/sessions/{id}
Retrieve details for a specific session.
Authentication: Required
Path Parameters:
| Parameter | Type | Description |
|---|---|---|
| id | string | Session ID |
Response:
```json
{
  "id": "session-123",
  "tenant": "acme",
  "username": "admin",
  "parent": null,
  "active": true,
  "ip": "192.168.1.100",
  "host": null,
  "osName": "macOS",
  "osVersion": "14.0",
  "browserName": "Safari",
  "browserVersion": "17.2",
  "requests": 127,
  "data": {},
  "permissions": {},
  "user": {
    "username": "admin",
    "displayName": "Admin User",
    "email": "admin@example.com",
    "permissions": {}
  },
  "createdAt": "2024-02-09T08:00:00Z",
  "updatedAt": "2024-02-09T10:30:00Z",
  "lastAccessedAt": "2024-02-09T10:30:00Z",
  "expiresAt": "2024-02-09T18:00:00Z",
  "_links": {
    "self": { "href": "/api/sessions/session-123" }
  }
}
```
DELETE /api/sessions/{id}
Terminate a specific session.
Authentication: Required
Path Parameters:
| Parameter | Type | Description |
|---|---|---|
| id | string | Session ID |
Response:
204 No Content
Use Cases:
- Log out a specific device remotely
- Terminate stale or compromised sessions
- Force logout after password change
Deleting a session immediately invalidates it. Any active requests using that session will fail with 401 Unauthorized.
DELETE /api/sessions/{id}/children
Delete all child sessions (impersonated sessions) for a given session.
Authentication: Required
Path Parameters:
| Parameter | Type | Description |
|---|---|---|
| id | string | Parent session ID |
Response:
204 No Content
Use Cases:
- Clear all impersonation sessions when returning to home user
- Clean up abandoned child sessions
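An added example, not part of the original API documentation: a dry-run planner for the "force logout after password change" and "terminate stale sessions" use cases. It reads a listing shaped like the `GET /api/sessions` response and returns the `DELETE /api/sessions/{id}` requests to issue, impersonated children before their parents. The function names, the one-hour idle threshold, the reason labels and the sample records are assumptions made here; it lists each child individually rather than calling `/children` so that every revocation carries its own reason.

```python
from datetime import datetime, timedelta

def _s(sid, user, parent, last):
    # Builds a constructed record with the fields the listing above returns.
    return {"id": sid, "username": user, "parent": parent, "active": True,
            "lastAccessedAt": last,
            "_links": {"self": {"href": "/api/sessions/" + sid}}}

# Constructed sample data, not output from a real deployment.
SAMPLE = {"_embedded": {"inf:session": [
    _s("s-1", "admin", None, "2024-02-09T10:30:00Z"),      # caller's own session
    _s("s-2", "admin", None, "2024-02-09T09:50:00Z"),      # admin, second device
    _s("s-3", "testuser", "s-2", "2024-02-09T10:20:00Z"),  # impersonation child
    _s("s-4", "bob", None, "2024-02-09T08:05:00Z"),        # idle for hours
    _s("s-5", "carol", None, "2024-02-09T10:25:00Z"),      # recent, unrelated
]}}

def parse_ts(value):
    # Timestamps on the page are ISO 8601 UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def plan_revocations(listing, now, username=None, keep_id=None,
                     max_idle=timedelta(hours=1)):
    """Return ordered (reason, request) pairs; nothing is sent."""
    sessions = {s["id"]: s
                for s in listing.get("_embedded", {}).get("inf:session", [])}
    live = [i for i, s in sessions.items() if s.get("active") and i != keep_id]
    reasons = {}
    for sid in live:
        if username is not None and sessions[sid]["username"] == username:
            reasons[sid] = "password-change"
        elif now - parse_ts(sessions[sid]["lastAccessedAt"]) > max_idle:
            reasons[sid] = "stale"
    changed = True
    while changed:  # impersonated sessions follow a revoked ancestor
        changed = False
        for sid in live:
            if sid not in reasons and sessions[sid].get("parent") in reasons:
                reasons[sid], changed = "parent-revoked", True

    def depth(sid, seen=()):
        # Distance to the root session; the seen tuple guards against cycles.
        parent = sessions[sid].get("parent")
        if parent not in sessions or parent in seen:
            return 0
        return 1 + depth(parent, seen + (sid,))

    order = sorted(reasons, key=depth, reverse=True)  # children first
    return [(reasons[i], "DELETE " + sessions[i]["_links"]["self"]["href"])
            for i in order]
```

Pass the caller's own session ID as `keep_id` so the session issuing the deletions is not revoked before the plan completes.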
GET /api/my-sessions
Get all sessions related to the current session (parent and children).
Authentication: Required
Pre-blocks: Current session lookup
Response:
```json
{
  "_links": {
    "self": { "href": "/api/my-sessions" }
  },
  "start": 0,
  "count": 2,
  "total": 2,
  "_embedded": {
    "inf:session": [
      {
        "id": "parent-session-id",
        "tenant": "acme",
        "username": "admin",
        "parent": null,
        "active": true,
        "browserName": "Chrome",
        "browserVersion": "120.0",
        "createdAt": "2024-02-09T08:00:00Z",
        "lastAccessedAt": "2024-02-09T10:30:00Z",
        "_links": {
          "self": { "href": "/api/sessions/parent-session-id" }
        }
      },
      {
        "id": "child-session-id",
        "tenant": "acme",
        "username": "testuser",
        "parent": "parent-session-id",
        "active": true,
        "browserName": "Chrome",
        "browserVersion": "120.0",
        "createdAt": "2024-02-09T09:15:00Z",
        "lastAccessedAt": "2024-02-09T09:20:00Z",
        "_links": {
          "self": { "href": "/api/sessions/child-session-id" }
        }
      }
    ]
  }
}
```
Use Cases:
- Display active sessions in user settings
- Show impersonation hierarchy
- Allow switching between related sessions
This endpoint returns all sessions in the same hierarchy: the root session (no parent) and all descendant sessions created through impersonation.
GET /api/session
Get the current active session.
Authentication: Required
Response:
```json
{
  "id": "current-session-id",
  "tenant": "acme",
  "username": "admin",
  "parent": null,
  "ip": "192.168.1.100",
  "browserName": "Chrome",
  "browserVersion": "120.0",
  "osName": "macOS",
  "createdAt": "2024-02-09T08:00:00Z",
  "lastAccessedAt": "2024-02-09T10:30:00Z",
  "expiresAt": "2024-02-09T18:00:00Z"
}
```
PUT /api/session/data
Update session data (custom metadata storage).
Authentication: Required
Request Body:
| Field | Type | Description |
|---|---|---|
| data | object | Custom session data object |
Example Request:
```json
{
  "data": {
    "preferredView": "grid",
    "lastVisitedPage": "/datasets",
    "customSettings": {}
  }
}
```
Response:
Returns the updated session object.
Use Cases:
- Store UI state
- Cache user preferences temporarily
- Track navigation history
Session data is ephemeral and tied to the session lifetime. It is cleared when the session expires or is deleted.