Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

End the current users session via a flow

Moedeb
Tera Guru

yesterday

I have a catalog item that when submitted adds the user to a group in ServiceNow, that has a role associated to the group. 

What I need to do as part of the flow after the user is added to the group, is to end their current session so they need to reauthenticate and the new role can take effect.

 

In order to do this I created a custom flow action called "End user session" with an input of "user_sys_id"

This is the script I added:

(function execute(inputs, outputs) {

  if (!inputs.user_sys_id) {
    return;
  }

  // Get username from sys_id
  var u = new GlideRecord('sys_user');
  if (!u.get(inputs.user_sys_id)) {
    return;
  }

  // Force logout across nodes (all active sessions for this user)
  GlideSessions.lockOutSessionsInAllNodes(u.user_name.toString());

})(inputs, outputs);

 

I've added it to the flow and the user_sys_id is provided via a data pill from the requested_for field down to sys_id

 

It does not however appear to be working as I can see that the user is added to the group / role, however they still do not have the access when they navigate to what I need them to access. When I impersonate the same user after the flow has run I can see what they should be able to see but still can't.

So the access is working, but they don't appear to have gained a new session ID with the new role taking affect.

Is someone able to assist please?

0 Helpfuls
  • 269 Views
7 REPLIES 7

Moedeb
Tera Guru
In response to vaishali231

2 hours ago

@vaishali231 

I would prefer option 3: Avoid logout altogether, but thought that logout was going to be required?

 

I had actually already added a 10 second wait after adding the user to the group 😊

 

Can you explain exactly what is needed here?

 

I would also like to ultimately redirect the user to a dashboard if you could explain exactly how I would do that after they submit the catalog item and the flow runs. Would that be part of the flow?

0 Helpfuls

vaishali231
Tera Guru
In response to Moedeb

2 hours ago

Hey @Moedeb 

The key clarification is:

Logout is only required if your access is role-based (gs.hasRole)

If you move to group-based access (gs.getUser().isMemberOf), then logout is NOT required

 

1. Do you actually need logout?

Option 3 (Preferred): Avoid logout completely

Instead of relying on roles, use group-based checks

Replace role checks like:

gs.hasRole('your_role')

With:

gs.getUser().isMemberOf('your_group_name')

 

Where to apply this

  • ACL scripts

  • Business rules / Script Includes

  • UI logic where applicable

 

Why this works better

  1. Group membership is evaluated dynamically

  2. No dependency on session refresh

  3. No forced logout required

  4. More stable and scalable design

 

If you must keep role-based access

Then logout is unavoidable

This is because:

ServiceNow caches roles in the user session

They are not re-evaluated during an active session

 

In your case

Your 10-second wait is already correct

Your session kill approach is also correct

However:

Behavior can still vary due to browser/session caching

Which is why logout + redirect is typically required for consistency

 

2. What is actually needed (if using roles)

To make it reliable, you need:

  1. Role assignment completed (your wait handles this)

  2. Cache refreshed

  3. Session terminated

  4. Client-side logout/redirect (critical piece)

 

3. Redirecting user to Dashboard after Catalog Submit

Important

Flow Designer cannot handle redirects (server-side only)

Redirect must be handled on the client side

 

Service Portal 

Simple approach

function onSubmit() {

 setTimeout(function() {

    window.location.href = "/sp?id=your_dashboard_page";

 }, 3000);

}

 

More controlled approach

function onSubmit() {

 sessionStorage.setItem('redirect_after_submit', 'true');

}

Then in a widget or page script:

if (sessionStorage.getItem('redirect_after_submit') === 'true') {

 sessionStorage.removeItem('redirect_after_submit');

 window.location.href = "/sp?id=your_dashboard_page";

}

Classic UI (if applicable)

window.location = "/your_dashboard.do";

Final Recommendation

If possible - move to group-based access (no logout needed)

If roles must be used - your current Flow + session handling is correct, but you must add client-side redirect/logout

Handle all redirects in client layer, not Flow Designer

********************************************************************************************************************

If this response helps, please mark it as Accept as Solution and Helpful.

Doing so helps others in the community and encourages me to keep contributing.

Regards

Vaishali Singh





0 Helpfuls

Ankur Bawiskar
Tera Patron

2 hours ago

@Moedeb 

I won't recommend any script for this.

Simply ask them to re-login and train them rather than adding script which leads to technical debt and maintenance issue during upgrade.

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls