DOC Add userhelp for session manager

.github/workflows/main.yml

@@ -0,0 +1,14 @@
+name: Build Docs
+on:
+  push:
+    branches:
+      - 'master'
+    paths:
+      - 'docs/en/userguide/**'
+jobs:
+  build:
+    name: build-docs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run build hook
+        run: curl -X POST -d {} https://api.netlify.com/build_hooks/${{ secrets.NETLIFY_BUILD_HOOK }}

README.md

@@ -1,6 +1,6 @@
 # Silverstripe CMS Session Manager
 
-Allow users to manage and revoke access to multiple login sessions across devices.
+Allow members to manage and revoke access to multiple login sessions across devices.
 
 [![Build Status](https://api.travis-ci.com/silverstripe/silverstripe-session-manager.svg?branch=1)](https://travis-ci.com/silverstripe/silverstripe-session-manager)
 [![Code Quality](http://img.shields.io/scrutinizer/g/silverstripe/silverstripe-session-manager.svg?style=flat)](https://scrutinizer-ci.com/g/silverstripe/silverstripe-session-manager)
@@ -14,7 +14,7 @@ Allow users to manage and revoke access to multiple login sessions across device
 
 The module introduces a new database record type: `LoginSession`.
 On first login, it creates a new record of this type, recording the IP and User-Agent,
-and associates it with the user (via `LogInAuthenticationHandler`).
+and associates it with the member (via `LogInAuthenticationHandler`).
 The record identifier is stored in the PHP session, so it can be retrieved on subsequent requests.
 
 On each request, a middleware (`LoginSessionMiddleware`) checks if the current
@@ -27,7 +27,7 @@ Due to the way PHP sessions operate, it can not expire those sessions as well.
 The PHP sessions will be invalidated on next request through `LoginSessionMiddleware`,
 unless they expire independently beforehand (through PHP's own session expiry logic).
 
-Silverstripe allows persisting login state via a "remember me" feature.
+Silverstripe allows persisting login state via a "Keep me signed in" feature.
 These `RememberLoginHash` records have their own expiry date.
 This module associates them to `LoginSession` records,
 and ensures their expiry is consistent with the new session behaviour
@@ -45,7 +45,7 @@ It is also compatible with the [Silverstripe MFA module suite](https://github.co
 
 ## Caveats
 
- * Every request with a logged-in user causes a database write (updating `LoginSession`), potentially affecting performance
+ * Every request with a logged-in member causes a database write (updating `LoginSession`), potentially affecting performance
  * Restoring a database from an older snapshot will invalidate current sessions.
  * PHP sessions can become out of sync with `LoginSession` objects. Both can exist beyond their expiry date.
    This is not an issue in practice since the association between the two is checked on each session-based request
@@ -55,7 +55,7 @@ It is also compatible with the [Silverstripe MFA module suite](https://github.co
 
 ### Logout across devices
 
-Session-manager provides an explicit way to terminate individual sessions and their attached "remember me" tokens. So this module sets `SilverStripe\Security\RememberLoginHash.logout_across_devices` to `false`.
+Session-manager provides an explicit way to terminate individual sessions and their attached "Keep me signed in" tokens. So this module sets `SilverStripe\Security\RememberLoginHash.logout_across_devices` to `false`.
 
 To restore the old behaviour with session manager installed, add the following YML config to your project:
 
@@ -69,18 +69,18 @@ SilverStripe\Security\RememberLoginHash:
   logout_across_devices: true
 ```
 
-Read [Saved User Logins](https://docs.silverstripe.org/en/4/developer_guides/security/member/#saved-user-logins) to learn how to configure the "remember me" feature for your users.
+Read [Saved User Logins](https://docs.silverstripe.org/en/4/developer_guides/security/member/#saved-user-logins) to learn how to configure the "Keep me signed in" feature for your members.
 
 ### Session timeout
 
-Non-persisted login sessions (those where the user hasn’t ticked “remember me”) should expire after a period of inactivity, so that they’re removed from the list of active sessions even if the user closes their browser without completing the “log out” action. The length of time before expiry matches the `SilverStripe\Control\Session.timeout` value if one is set, otherwise falling back to a default of one hour. This default can be changed via the following config setting:
+Non-persisted login sessions (those where the member hasn’t ticked "Keep me signed in") should expire after a period of inactivity, so that they’re removed from the list of active sessions even if the member closes their browser without completing the “log out” action. The length of time before expiry matches the `SilverStripe\Control\Session.timeout` value if one is set, otherwise falling back to a default of one hour. This default can be changed via the following config setting:
 
 ```yml
 SilverStripe\SessionManager\Models\LoginSession:
   default_session_lifetime: 3600 # Default value: 1 hour in seconds
 ```
 
-Note that if the user’s session expires before this timeout (e.g. a short `session.gc_maxlifetime` PHP ini setting), they **will** still be logged out. There will just be an extra session shown in the list of active sessions, even though no one can access it.
+Note that if the member’s session expires before this timeout (e.g. a short `session.gc_maxlifetime` PHP ini setting), they **will** still be logged out. There will just be an extra session shown in the list of active sessions, even though no one can access it.
 
 ### Garbage collection
 

docs/en/userguide/index.md

@@ -0,0 +1,48 @@
+title: Session Manager
+summary: Allow members to manage and revoke access to multiple login sessions across devices.
+
+# What does the session manager module do?
+
+The session manager module allows members to manage (see active and revoke) login sessions across devices used to access the CMS. Each login to a member's account is tracked and can be managed from their profile page.
+
+# How to use it
+
+## Getting started
+
+Make sure you have the [Silverstripe CMS Session Manager](https://addons.silverstripe.org/add-ons/silverstripe/session-manager) module installed on your website.
+
+## Logging in
+
+When logging in with *_Keep me signed in for 30 days_*" checked, a session will remain active on that device for the full 30 days unless it is terminated prior to that allocated timeframe. Without this option checked, a session will only last for the duration of your browser session.
+
+[notice]
+You should not use the "Keep me signed in" functionality when working on a device shared with other users (e.g.: internet café computer or a public library workstation).
+[/notice]
+
+![Silverstripe CMS log in form](_images/logging-in.png)
+
+## Viewing login sessions
+
+In order to view login sessions once logged in, navigate to your profile by clicking on your name in the left hand CMS menu. Every valid and currently active login session will be listed under ***Login sessions***.
+
+![List of login sessions viewed through the Silverstripe CMS member profile](_images/viewing-login-sessions.png)
+
+There is various data associated with every login session that can be used to identify the device that is logged in.
+
+* Browser
+* Operating system
+* IP address
+* Last active time
+* Sign-in time
+
+[notice]
+A member can only view login sessions for their own profile. No one else will have access to view your sessions.
+[/notice]
+
+## Revoking access
+
+To remove access for a session associated with a device, click the **Log out** link next to the session you want to remove. This session will be immediately removed and anyone viewing the CMS using this session will need to log back in.
+
+[notice]
+A member can only revoke access for their own profile. No one else will have access to remove your sessions.
+[/notice]