Delete orphaned user sessions

  • Platform information:
    • Hardware: Raspberry Pi 4
    • OS: Raspberry Pi OS / x64 / 11 (bullseye)
    • Java Runtime Environment: 11.0.15 (Temurin-11.0.15+10) (running in Docker)
    • openHAB version: 3.3.0 (running in Docker)
    • ConBee 2 USB stick

Dear community,

I’ve built an HTTP API (running in a Docker container) which creates a screenshot of an openHAB dashboard every couple of minutes using Playwright. Since my dashboard is only accessible to some users, the Playwright service needs to log in. When restarting the container, the service needs to log in again, leading to orphaned sessions from the previous executions.

Is it possible to delete orphaned sessions automatically? So far I’ve been doing this manually by logging in as the user and seeing when each session was last used. When a session is older than a couple of days, I consider it orphaned and delete it.

Can I automate this?

Have a look at the REST API using the API explorer.
You can get the list of sessions by using GET /auth/sessions.
This returns a list like in the UI.
Filter that list and use POST /auth/logout together with the related parameters to log out a user from a session.
Alternatively, you can use the Karaf console, but there it is only possible to log out a user from all sessions (openhab:users clearSessions - clear the refresh tokens associated with the user (will sign the user out of all sessions)), not selected ones.

1 Like

Just for the sake of completeness, this is my final code which does the job:

val headers = newHashMap("Authorization" -> "Bearer <<Token>>");
// List the user's sessions via GET /auth/sessions
val jsonOutput = sendHttpGetRequest("", headers, 1000);
val count = Integer::parseInt(transform("JSONPATH", "$.length()", jsonOutput));
// Sessions not refreshed since this point in time are treated as orphaned
val expiryDate = DateTimeType.valueOf(now.toLocalDateTime().toString()).getZonedDateTime().minusDays(1);

for (var i = 0; i < count; i++) {
  var sessionId = transform("JSONPATH", "$.[" + i + "].sessionId", jsonOutput);
  var rawLastRefreshTime = transform("JSONPATH", "$.[" + i + "].lastRefreshTime", jsonOutput);
  var lastRefreshTime = DateTimeType.valueOf(rawLastRefreshTime).getZonedDateTime();
  if (lastRefreshTime.isBefore(expiryDate)) {
    // Log out this single session via POST /auth/logout
    var body = "id=" + sessionId;
    sendHttpPostRequest("", "application/x-www-form-urlencoded", body, headers, 1000);
    logInfo("rules", "Session " + sessionId + " was last used at " + lastRefreshTime + " which is older than " + expiryDate + " and was therefore logged out");
  }
}
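The selection step from this thread (filter the GET /auth/sessions list by lastRefreshTime, then send `id=<sessionId>` to POST /auth/logout), as an added Python example that is not part of the original posts and not openHAB code. It goes beyond the rule above in three ways: the most recently refreshed session is never revoked, unreadable timestamps are reported rather than revoked, and the id is percent-encoded. Assumptions: the timestamp layouts in `FORMATS`, the one-day limit, all function names, and the constructed sample data.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Timestamp layouts tried in order; which one the server emits is an assumption.
FORMATS = ("%Y-%m-%dT%H:%M:%S.%f%z", "%Y-%m-%dT%H:%M:%S%z")


def parse_time(raw):
    """Return an aware datetime, or None if the value is missing or unparseable."""
    for fmt in FORMATS:
        try:
            return datetime.strptime(raw, fmt)
        except (TypeError, ValueError):
            continue
    return None


def select_stale(sessions, now, max_age=timedelta(days=1)):
    """Return (stale, unreadable) lists of session ids."""
    timed, unreadable = [], []
    for s in sessions:
        ts = parse_time(s.get("lastRefreshTime"))
        if ts is None:
            # Fail safe: report for manual review instead of revoking blindly.
            unreadable.append(s.get("sessionId"))
        else:
            timed.append((ts, s["sessionId"]))
    timed.sort()
    cutoff = now - max_age
    # timed[:-1] skips the newest session, assumed to be the one in use.
    stale = [sid for ts, sid in timed[:-1] if ts < cutoff]
    return stale, unreadable


def logout_body(session_id):
    """Form body for POST /auth/logout with the id percent-encoded."""
    return urlencode({"id": session_id})


# Constructed sample of a GET /auth/sessions response (not real data).
SAMPLE = [
    {"sessionId": "aaa-1", "lastRefreshTime": "2022-07-01T08:00:00.000+0000"},
    {"sessionId": "bbb-2", "lastRefreshTime": "2022-07-09T23:30:00.000+0200"},
    {"sessionId": "ccc+3", "lastRefreshTime": "2022-07-05T12:00:00.000+0000"},
    {"sessionId": "ddd-4", "lastRefreshTime": None},
]
NOW = datetime(2022, 7, 10, 12, 0, tzinfo=timezone.utc)
```

Call `select_stale(SAMPLE, NOW)` to get the ids to revoke and the ids to review, then send `logout_body(id)` for each stale id with the same bearer token used for the listing.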