How can I retrieve all user sessions connected to my Kibana, using API

Hi!

How can I retrieve all user sessions connected to my Kibana, using API ?

I will do a montoring sessions to delete duplicate access to my dashboard in Kibana.

I saw that its is possible to DELETE sessions using the API, but I did not see how to retrieve all the sessions to detect multiple access.

Thanks!
Rodrigo

You can retrieve, extend, or delete the current session via an API but there’s no APIs to list or manage other users sessions.

Can you explain your use case in a bit more detail?

It might make more sense to define a session timeout or idle timeout and let Kibana delete expired sessions rather than trying to manage sessions yourself.

If it's primarily about detecting who accessed Kibana then your best bet would be the
Kibana Audit Log.

You can look for user_login + success events to detect when a user logged in. You can find the current session id in the kibana.session_id field.

Hi Thom,

My case is simple: detect if a customer shared the password with another person.
I need to detect two or more parallel accesses and then logout all.
Thanks a lot!

Thanks for clarifying.

You can use the audit log to detect if multiple sessions are active for the same user.

Keep in mind that multiple logins does not necessarily mean that the user shared their password. They could be using private browsing mode, a separate machine or simply a different browser so you might want to run additional checks before invalidating their session.

To invalidate a users session you can make the following API call with superuser privileges:

POST /api/security/session/_invalidate
{
  match: 'query',
  query: {
    provider: 'basic',
    username: 'user-to-logout'
  }
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.