Missing sessions on Personal page #4295
Comments
|
@oparoz do you mean active clients should be shown in the sessions section too? |
|
I guess so since the description for "Sessions" says: "Web, desktop and mobile clients currently logged in to your account" |
|
Yeah well, to be precise it should be "desktop and mobile clients not using device-specific passwords". Not sure if we should show devices in the list of active sessions. |
|
Ah, I see. I think it makes sense to have everything under "Sessions", because in the future we may want to be able to kill them. |
Yes - they need to be combined. |
|
And we should not show sessions of mobile phone and desktop because they are recreated automatically. |
PR at #5166 :)
Please elaborate. Which sessions are you talking about here? IIRC we do list clients that support cookies, like our sync clients when they are configured to use the login password and not an app password. |
Correct. The client uses sessions, but it also stores the app password (like the Android and iOS app) so when you "remove" that session via the web UI on the next request it will be recreated. Thus it is quite useless to show it. :/ |
|
I see your point. I'll think about a possible solution. Maybe we need a new token type for that … |
Or oauth2 🙈 😉 |
|
That's only a solution if we slowly deprecate HTTP basic auth IMO and have a clean migration path. |
Steps to reproduce
Expected behaviour
All my sessions should be listed
Actual behaviour
Only the Web session is listed
The Apps Password section shows that there is activity with the tokens
@LukasReschke @icewind1991
The text was updated successfully, but these errors were encountered: