Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
SEC-1530: Simplify access to SessionRegistry.getAllPrincipals() #1771
Multiple steps are required to retrieve collection with all current authenticated users logged into the web application. Unfortunately these steps are not well documented. Trivial task to display all current active users cannot achieved easily.
Luke Taylor said:
SessionRegistry was originally written in order to implement concurrency control and is still a key part of that functionality. The ability to query it for the list of principals logged in is a useful side effect. Since it is possible to use the existing configuration, I don't want to change the namespace to support yet another syntax - all you need to do is set the maximum sessions to -1 to allow unlimited logins. I'll add some information to the docs on session management to point the user in this direction. The configuration required is already covered in documentation.