Unlike any other application System administrator can cancel users session, In Spring’14 release Salesforce announced same kind of feature. Now users with “View Setup and Configuration” permission can easily view user sessions and, if necessary for security or other reasons, end sessions (It’s required “View All Data” user permission) from the same page.
The User Session Information page allows you to view active sessions, view session details for an organization, and create different views of the data. You can also view details about a user associated with a specific session, and end suspicious sessions if required.This feature is by default enable for your organization after Spring’14 release. This feature available in Developer, Performance, Enterprise, Professional, Contact Manager, Group, Unlimited and Database.com editions.
Remove user’s Session
To remove user’s session follow the below steps
1) Click on Name | Setup | Administration Setup | Security Controls | Session Management
2) On the User Session Information page, you can view existing user session details, like below screen shot
|Created||The date and time stamp of when the session began.|
|Login Type||The type of login associated with the session. Some login types include Application, SAML, and Portal.|
|Session Type||The type of session the user is logged into. For example, common ones are UI, Content, API, and Visualforce.
UI:- Created when using a user interface page.
|Source IP||The IP address associated with the session.|
|User Type||The profile type associated with the session.|
|Username||The username used when logged into the session. You can click the username to go to that person’s profile page.|
|Updated||The date and time stamp of the last session update because of activity. For example, during a UI session type, users make frequent changes to records and other data as they work. With each change, both the Updated and Valid Until date and time stamps are refreshed.|
|Valid Until||The date and time stamp of when the session expires if you don’t end it. In my case it’s 2hours From created or updated which ever is earlier) as i set session timeout value to 2hours. To check yours follow the path Name | Setup | Administration Setup | Security Controls | Session Settings|
3) To end a session select the check-box for one or more sessions and click Remove button.
4) Whenever user with username “email@example.com” is try to access anything by clicking, Salesforce will redirect a user to login page.
Note:- Non-administrators can see their own session information while administrators can view all user
sessions for an organization.
Default Session Settings Protect Your Organization
Take advantage of new default session security settings to protect your organization. For improved security, some options on the Session Settings page that administrators could previously disable are now enabled
by default and no longer editable from the Session Settings page. Fields marked in red are no longer editable for user.
You can disable these options by contacting salesforce.com via raise a case or call.
Announcement:- If you like this blog or you have a question please leave your comments, I’ll try to answer it. Thanks for your time to read my article.