How is the \Magento\Security\Model\AdminSessionsManager::processLogin() implemented and used?

dmitry_fedyuk · April 10, 2016, 8:41am

Contexts:

Implementation

app/code/Magento/Security/Model/AdminSessionsManager.php

/**
 * Handle all others active sessions according Sharing Account Setting
 *
 * @return $this
 */
public function processLogin()
{
	$this->createNewSession();
	$olderThen = $this->dateTime->gmtTimestamp() - $this->securityConfig->getAdminSessionLifetime();
	if (!$this->securityConfig->isAdminAccountSharingEnabled()) {
		$result = $this->createAdminSessionInfoCollection()->updateActiveSessionsStatus(
			AdminSessionInfo::LOGGED_OUT_BY_LOGIN,
			$this->getCurrentSession()->getUserId(),
			$this->getCurrentSession()->getSessionId(),
			$olderThen
		);
		if ($result) {
			$this->getCurrentSession()->setIsOtherSessionsTerminated(true);
		}
	}
	return $this;
}

The sole usage

It is only used from the security_admin_sessions_login after plugin to the \Magento\Backend\Model\Auth::login() method:

github.com

magento/magento2/blob/052e789/app/code/Magento/Security/etc/adminhtml/di.xml#L9-L11


<type name="Magento\Backend\Model\Auth">
    <plugin name="security_admin_sessions_login" type="Magento\Security\Model\Plugin\Auth" />
</type>

github.com

magento/magento2/blob/052e789/app/code/Magento/Security/Model/Plugin/Auth.php#L37-L48


/**
 * @param \Magento\Backend\Model\Auth $authModel
 * @return void
 * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 */
public function afterLogin(\Magento\Backend\Model\Auth $authModel)
{
    $this->sessionsManager->processLogin();
    if ($this->sessionsManager->getCurrentSession()->isOtherSessionsTerminated()) {
        $this->messageManager->addWarning(__('All other open sessions for this account were terminated.'));
    }
}

dmitry_fedyuk · April 10, 2016, 8:48am