Automation Champion

Unlike any other application System administrator can cancel users session, In Spring’14 release Salesforce announced same kind of feature. Now users with “View Setup and Configuration” permission can easily view user sessions and, if necessary for security or other reasons, end sessions (It’s required “View All Data” user permission) from the same page.

The User Session Information page allows you to view active sessions, view session details for an organization, and create different views of the data. You can also view details about a user associated with a specific session, and end suspicious sessions if required.This feature is by default enable for your organization after Spring’14 release. This feature available in Developer, Performance, Enterprise, Professional, Contact Manager, Group, Unlimited and Database.com editions.

Remove user’s Session

To remove user’s session follow the below steps

1) Click on Name | Setup | Administration Setup | Security Controls | Session Management 
2) On the User Session Information page, you can view existing user session details, like below screen shot

User Session Information

Field	Description
Created	The date and time stamp of when the session began.
Login Type	The type of login associated with the session. Some login types include Application, SAML, and Portal.
Session Type	The type of session the user is logged into. For example, common ones are UI, Content, API, and Visualforce. UI:- Created when using a user interface page. Content:- Created when serving user-uploaded content. API:- Created when accessing Salesforce through the API. Visualforce:- Created via a Visualforce page.To learn more about Session types browse below mentioned link https://help.salesforce.com/apex/HTViewHelpDoc?id=security_session_types.htm&language=en_US
Source IP	The IP address associated with the session.
User Type	The profile type associated with the session.
Username	The username used when logged into the session. You can click the username to go to that person’s profile page.
Updated	The date and time stamp of the last session update because of activity. For example, during a UI session type, users make frequent changes to records and other data as they work. With each change, both the Updated and Valid Until date and time stamps are refreshed.
Valid Until	The date and time stamp of when the session expires if you don’t end it. In my case it’s 2hours From created or updated which ever is earlier) as i set session timeout value to 2hours. To check yours follow the path Name | Setup | Administration Setup | Security Controls | Session Settings Session Timeout Value Settings

3) To end a session select the check-box for one or more sessions and click Remove button.

End a session

4) Whenever user with username “abcd@gmail.com” is try to access anything by clicking, Salesforce will redirect user to login page.

Salesforce login page

Note:- Non-administrators can see their own session information while administrators can view all user
sessions for an organization.

Default Session Settings Protect Your Organization

Take advantage of new default session security settings to protect your organization. For improved security, some options on the Session Settings page that administrators could previously disable are now enabled
by default and no longer editable from the Session Settings page. Fields marked in red are no longer editable for user.

Fields on Session Settings no longer editable

You can  disable these options by contacting salesforce.com via raise a case or call.

Announcement:- If you like this blog or you have a question please leave your comments, I’ll try to answer it. Thanks for your time to read my article.