Explicitly delete all Kibana security sessions #81941
Assignees
Labels
enhancement
New value added to drive a business result
Project:SystemIndices
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
kobelb
added
Team:Security
|
Pinging @elastic/kibana-security (Team:Security) |
|
@legrego are we worried about releasing 8.0 without this feature? If so, should we add it to the roadmap to be implemented by 8.0? |
|
@kobelb thanks for the reminder here. I'll make sure we prioritize this so that we at least have an API available by 8.0 |
|
Documentation is live and available here: https://www.elastic.co/guide/en/kibana/master/session-management-api.html |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Kibana now has server-side sessions, and end-users are able to configure how frequently expired/invalid sessions are cleaned up. However, there isn't a way of explicitly deleting all existing sessions besides deleting the
.kibana_security_session_1index. As part of the system-indices project, end-users will no longer be able to interact with Kibana's system-indices using the traditional ES APIs unless they include a specific HTTP request header value pair. As such, if we anticipate end-users needing to explicitly delete all existing sessions, we'll want to provide the ability to do so via Kibana's UI or HTTP APIs.The text was updated successfully, but these errors were encountered: