I don’t know exactly where to put this question but I guess the Beginner section might be a good idea. I noticed this problem a long time ago but was ignoring it until now…
I currently have a bazillion of open sessions in my OH Main UI and the list is getting longer and longer…
I just deleted a couple of sessions from March 2021 but it is a painful process given that you always need at least two clicks on different locations or one swipe and one click.
Two questions:
The problem with my setup is that I’m using my own Certificate Authority to have secure connections within my own network at home. This was no problem until I switched to a company managed phone. Of course now I cannot trust my own CA anymore and thus cannot access Main UI in a browser (Chrome) EXCEPT (and I always wondered why!?) when I use the Incognito mode… This will however almost always create a new session which is why the list ist super long… This might get better now with the iOS App working again. The app manages to reuse the latest session and does not require me to open new sessions all the time. Does anyone know why Chrome does allow me to open a connection which is considered “insecure” in an incognito tab but not in a regular one? This would fix the infinite session creation even when I’m using the browser…
Is there a way to delete all active sessions at once? I don’t want to spend half the night to manually remove them…
I also have issues with having to re-login and lots of sessions being created.
On the Console there are some commands for managing users including clearing all sessions of a user:
openhab> openhab:users
Usage: openhab:users list - lists all users
Usage: openhab:users add <userId> <password> <role> - adds a new user with the specified role
Usage: openhab:users remove <userId> - removes the given user
Usage: openhab:users changePassword <userId> <newPassword> - changes the password of a user
Usage: openhab:users listApiTokens - lists the API tokens for all users
Usage: openhab:users addApiToken <userId> <tokenName> <scope> - adds a new API token on behalf of the specified user for the specified scope
Usage: openhab:users rmApiToken <userId> <tokenName> - removes (revokes) the specified API token
Usage: openhab:users clearSessions <userId> - clear the refresh tokens associated with the user (will sign the user out of all sessions)
openhab> openhab:users clearSessions DrRSatzteil
User sessions cleared.
Since you also have these “relogin” problems: do you have a similar setup with regards to TLS encryption? Or might the reason behind this be something else? My reverse proxy setup maybe?
Out of curiosity: how do you do this for your internal services? For my public facing services I do the same with let’s encrypt but since I don’t have access to a “real” PKI (at least not for private use) I see no chance of doing this internally.
Oh I see LE can do DNS challenges now that should make things a bit easier. Haven’t checked their features for a long time
Yes if you have many machines a wildcard certificate makes it more easy.
You could also use a proper certificate on a proxy which then uses self signed certificates with other machines. Cloudflare SSL/TLS uses a similar setup.
If you configure your local DNS to resolve the hostnames used in the certificates to local IPs, browsers on any device will also happily connect to those machines using your local network only.
