public TerminateUserSessionResponse TerminateUserSession(TerminateUserSessionRequest request)
{
Platform.CheckForNullReference(request, "request");
Platform.CheckForNullReference(request.SessionIds, "SessionIds");
// exclude the current session - user must not delete own active session!
var sessionIds = request.SessionIds.Where(id => id != CurrentUserSessionId).ToList();
if(sessionIds.Count == 0)
throw new RequestValidationException(SR.MessageCannotDeleteOwnUserCurrentSession);
// load all sessions by id
var where = new UserSessionSearchCriteria();
where.SessionId.In(sessionIds);
where.IsImpersonated.EqualTo(false); // impersonated sessions cannot be terminated in this manner
var sessions = PersistenceContext.GetBroker<IUserSessionBroker>().Find(where);
// terminate sessions
foreach (var session in sessions)
{
// but only if the current user is actually authorized to do so
EnsureCurrentUserAuthorizedToManage(session.User.AccountType);
session.Terminate();
}
return new TerminateUserSessionResponse(sessions.Select(s => s.SessionId).ToList());
}
public TerminateUserSessionResponse TerminateUserSession(TerminateUserSessionRequest request)
{
Platform.CheckForNullReference(request, "request");
Platform.CheckForNullReference(request.SessionIds, "SessionIds");
// exclude the current session - user must not delete own active session!
var sessionIds = request.SessionIds.Where(id => id != CurrentUserSessionId).ToList();
if(sessionIds.Count == 0)
throw new RequestValidationException(SR.MessageCannotDeleteOwnUserCurrentSession);
// load all sessions by id
var where = new UserSessionSearchCriteria();
where.SessionId.In(sessionIds);
var sessions = PersistenceContext.GetBroker<IUserSessionBroker>().Find(where);
// terminate all sessions
foreach (var session in sessions)
{
session.Terminate();
}
return new TerminateUserSessionResponse(sessions.Select(s => s.SessionId).ToList());
}
