public TerminateUserSessionResponse TerminateUserSession(TerminateUserSessionRequest request) { Platform.CheckForNullReference(request, "request"); Platform.CheckForNullReference(request.SessionIds, "SessionIds"); // exclude the current session - user must not delete own active session! var sessionIds = request.SessionIds.Where(id => id != CurrentUserSessionId).ToList(); if(sessionIds.Count == 0) throw new RequestValidationException(SR.MessageCannotDeleteOwnUserCurrentSession); // load all sessions by id var where = new UserSessionSearchCriteria(); where.SessionId.In(sessionIds); where.IsImpersonated.EqualTo(false); // impersonated sessions cannot be terminated in this manner var sessions = PersistenceContext.GetBroker<IUserSessionBroker>().Find(where); // terminate sessions foreach (var session in sessions) { // but only if the current user is actually authorized to do so EnsureCurrentUserAuthorizedToManage(session.User.AccountType); session.Terminate(); } return new TerminateUserSessionResponse(sessions.Select(s => s.SessionId).ToList()); }
public TerminateUserSessionResponse TerminateUserSession(TerminateUserSessionRequest request) { Platform.CheckForNullReference(request, "request"); Platform.CheckForNullReference(request.SessionIds, "SessionIds"); // exclude the current session - user must not delete own active session! var sessionIds = request.SessionIds.Where(id => id != CurrentUserSessionId).ToList(); if(sessionIds.Count == 0) throw new RequestValidationException(SR.MessageCannotDeleteOwnUserCurrentSession); // load all sessions by id var where = new UserSessionSearchCriteria(); where.SessionId.In(sessionIds); var sessions = PersistenceContext.GetBroker<IUserSessionBroker>().Find(where); // terminate all sessions foreach (var session in sessions) { session.Terminate(); } return new TerminateUserSessionResponse(sessions.Select(s => s.SessionId).ToList()); }