Invalidate/Timeout User Session

bbarnard
Kilo Contributor

I'm looking for a way to invalidate a user session on our ServiceNow instance to force them to relogin without locking their account.

I have not been able to determine a way to do this either in script or via the user or logged in users form.

Does anyone know if this is possible?

1 ACCEPTED SOLUTION

Slava Savitsky
Giga Sage

When you lock out a user, it triggers a business rule called "Lock Out User" that terminates the user's session. You can use the script from that business rule to do the same without locking out the user's account.



// Get all sessions


var sessions = GlideSessions.get().getLoggedInSessionList();


var it = sessions.iterator();


while(it.hasNext()) {


        var session = it.next();


        // If session is current users session, invalidate the session


        if (session.getUser() == current.user_name) {


                  var httpSession = session.getHS();


                  httpSession.setAttribute("locked_out", "true");


        }


}


View solution in original post

5 REPLIES 5

Thanks Robert. There are times that we want to be able to on demand invalidate a user or set of users sessions. One such case is during certain releases where we want to force all users to relogin and create a new session. This script should allow me to invalidate users sessions. However I'm still investigating how to potentially do this for all current users since I think this would require me running this script on each node of my environment and I cannot designate which node I login to. I think I can achieve this via scheduled jobs by setting the job to run on a specific node.



-Bryan