You can retrieve, extend, or delete the current session via an API but there’s no APIs to list or manage other users sessions.
Can you explain your use case in a bit more detail?
It might make more sense to define a session timeout or idle timeout and let Kibana delete expired sessions rather than trying to manage sessions yourself.
If it's primarily about detecting who accessed Kibana then your best bet would be the Kibana Audit Log.
You can look for user_login + success events to detect when a user logged in. You can find the current session id in the kibana.session_id field.
My case is simple: detect if a customer shared the password with another person.
I need to detect two or more parallel accesses and then logout all.
Thanks a lot!
You can use the audit log to detect if multiple sessions are active for the same user.
Keep in mind that multiple logins does not necessarily mean that the user shared their password. They could be using private browsing mode, a separate machine or simply a different browser so you might want to run additional checks before invalidating their session.
To invalidate a users session you can make the following API call with superuser privileges:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.