Server-Side sessions
Since version 4.7.0 the Duende version implements Server-Side sessions.
Configuration
Server-Side sessions must be enabled by settings IdentityServerOptions:EnableServerSideSession
"IdentityServerOptions": {
"EnableServerSideSession": true,
"ServerSideSessions": {
"UserDisplayNameClaimType": "name",
"RemoveExpiredSessions": true,
"ExpiredSessionsTriggerBackchannelLogout": true,
"RemoveExpiredSessionsFrequency": "00:10:00",
"RemoveExpiredSessionsBatchSize": 100
},
"Authentication": {
"CoordinateClientLifetimesWithUserSession": false
}
IdentityServerOptions:ServerSideSessions configures server-side sessions behavior.
See Server-side Sessions options.
Clients
The coordinate lifetime with user session check box in client page token section has been added to manage session inactivity
Sess Inactivity Timeout
Session management
Users
Users can manage theirs sessions on /Identity/Account/Manage/Sessions page.
Administrators
Administrators can manage users sessions on the user admin page.
Additional resources
Authors: