Forum Discussion

coriolis_75734
Mar 09, 2015

Kill all sessions for a user via API

We are using LTM/APM 11.5.1 and would like to be able to get all the session ids for a particular user and kill them (or at least dead-end their traffic). I know we can do this via the GUI but am looking for ways this can be automated if it is detected the account is compromised. Is it possible via REST?

 

3 Replies

  • kunjan

    How about eliminating this issue by restricting the users to a limited number of sessions using "Max Sessions Per User"?

    On the CLI,

    sessiondump -allkeys
    can be used to filter the session IDs belonging to a particular user and pipe them to delete. But that is resource intensive.

    An extreme option is to delete all sessions, with something like:

    sessiondump -list | awk '{ print $1}' | xargs -L 1 sessiondump -delete

  • Limiting the max number of sessions per user wouldn't help in the situation where a user account has been compromised and is being used by an unauthorised third party.

     

    We do not wish to kill all sessions and ideally I'm looking for a solution where I can give the operations team a script to run which just requires a username input and the specified user's sessions will be killed.

     

  • kunjan

    A shell script like the following:

    sessiondump -allkeys | grep -F -- "$1" | cut -d. -f1 | xargs -L 1 sessiondump -delete

    ... and call it like:

    ./removeUser.sh user1
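
A plain `grep` on the username selects any line that contains it as a substring, so a request for `user1` would also pick up sessions belonging to `user10`. The script below is an added example, not posted by anyone in the thread, that matches the `session.logon.last.username` value exactly and deletes each session once. It assumes every `sessiondump -allkeys` line begins with `<session id>.<variable name>` and ends with the value; the function names and the sample data are made up here.

```shell
#!/bin/bash
# Added example: exact-match variant of the per-user session kill.
# Assumption: every `sessiondump -allkeys` line begins with
# "<session id>.<variable name>" and ends with that variable's value.

# Read sessiondump-style lines on stdin and print, once each, the session IDs
# whose session.logon.last.username value equals $1 exactly.
sids_for_user() {
    # The name is passed through the environment so awk does not interpret
    # backslashes in it (e.g. DOMAIN\user), as it would with -v.
    TARGET_USER="$1" awk '
        BEGIN { user = ENVIRON["TARGET_USER"] "" }   # "" forces string compare
        {
            dot = index($1, ".")
            if (dot == 0) next
            sid = substr($1, 1, dot - 1)
            var = substr($1, dot + 1)
            if (var == "session.logon.last.username" &&
                $NF == user && !(sid in seen)) {
                seen[sid] = 1
                print sid
            }
        }'
}

# Delete every session found for the given user, logging each one.
kill_user_sessions() {
    [ -n "$1" ] || { echo "usage: removeUser.sh <username>" >&2; return 2; }
    sessiondump -allkeys | sids_for_user "$1" | while read -r sid; do
        echo "deleting session $sid (user $1)"
        sessiondump -delete "$sid"
    done
}

# Constructed sample input, not captured from a real BIG-IP.
sample_dump() {
    cat <<'EOF'
a1b2c3d4.session.logon.last.username 5 user1
a1b2c3d4.session.user.clientip 8 10.0.0.5
5e6f7a8b.session.logon.last.username 6 user10
5e6f7a8b.session.logon.last.logonname 6 user10
0f9e8d7c.session.logon.last.username 5 user1
a1b2c3d4.session.logon.last.username 5 user1
EOF
}

# Run against the live session table only when a username is supplied.
if [ $# -gt 0 ]; then kill_user_sessions "$1"; fi
```

Running `sample_dump | sids_for_user user1` on any machine shows which session IDs would be selected before the script is pointed at a live session table.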