Internal or customer facing information
What is it?
The Session Management page under the Gear icon () > Session Management allows FogBugz On Demand site administrators to view and revoke active tokens for their users. Tokens are what allow users to interact with the FogBugz UI and the FogBugz XML API. For Kiln users, tokens also provide access to the Kiln web UI and Kiln’s REST API. The Session Management page can be used to remove tokens individually or in bulk by a user. There’s also a Big Red Button to kill all active sessions on your FogBugz On Demand account.
Who will use it?
FogBugz On Demand and FogBugz On Site Customers
How is it used?
Types of Tokens
There are two token types you may see on this page:
- Session tokens which are issued from the FogBugz when the “Remember Me” checkbox is unchecked.
- API tokens which are issued by an API login or when the “Remember Me” checkbox is checked on the UI login page.
Kill a user’s sessions
All current active sessions will be shown for each user, as well as the last five characters of the token. From here you’ll be able to see what IP they logged in from when the token was last active, and the type of token issued (Session or API). This will tell you how the tokens were generated (see Types of Tokens). Note that Session tokens may be used with the API, and vice-versa.
At the end of each token, there is a red X that will let you revoke that individual token. This is particularly handy if you have an API script you have been testing that logs in manually but does not log out its tokens. Clicking the red X immediately revokes the token and refreshes the active tokens.
There’s also a “Delete all tokens” button for every user. This is a quick way to revoke all tokens for a user without changing their password. Note that if you change a user’s password under the Gear icon () > Users, this also revokes all their tokens.