Session Service
Component Detail
Service Layer
medium complexity
backend
Dependencies: 0
Dependents: 0
Entities: 4
Integrations: 0
Description
Backend service that mediates session management operations between the admin UI and the underlying session store. It enforces RBAC checks, applies session policies, and writes audit log entries for every revocation or policy change.
session-service
Sources & reasoning
Session Management is taxonomy-required at line 380 and operationally grounded by the auth model at lines 152 and 205, which explicitly call out admin-initiated revocation and refresh-token rotation. Not in MVP scope at lines 244-247, so target_release resolves to Core Product per rule 3.
- docs/source/likeperson.md · line 380: Session Management | Session Management Page [ui] | Session Service [service] | Session Store [data]
- docs/source/likeperson.md · line 205: Issues short-lived access tokens plus rotating refresh tokens; sessions survive silently across token expiry and end cleanly when the refresh chain is broken.
- docs/source/likeperson.md · line 152: Session revocation (sign-out, forced expiry, admin-initiated)
Responsibilities
- Authorize session management requests via role-based access control
- List active sessions scoped to an organization or user
- Revoke individual sessions and propagate invalidation to dependent systems
- Apply and persist organization-level session-policy settings
- Emit audit log events for session lifecycle and policy changes
Interfaces
listActiveSessions(orgId, userId?): Session[]
revokeSession(sessionId, actorId): RevocationResult
getSessionPolicy(orgId): SessionPolicy
updateSessionPolicy(orgId, policy, actorId): SessionPolicy
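One way revokeSession could apply the RBAC check and audit logging described above, as an added TypeScript sketch rather than the project's own code. The role names, record fields, in-memory store and outcome strings are assumptions; the page gives only the method signature.

```typescript
// Added sketch. Field names, roles and the in-memory store are assumptions;
// the page gives only the revokeSession(sessionId, actorId) signature.
type Role = "org_admin" | "member";
interface Session { id: string; orgId: string; userId: string; revoked: boolean }
interface Actor { id: string; orgId: string; role: Role }
interface RevocationResult { ok: boolean; reason?: string }
interface AuditEvent { action: "session.revoke"; actorId: string; sessionId: string; outcome: string }

// Own-property lookup so ids such as "constructor" never resolve to prototype members.
function lookup<T>(table: Record<string, T>, key: string): T | undefined {
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : undefined;
}

class SessionService {
  readonly audit: AuditEvent[] = [];
  constructor(private sessions: Record<string, Session>,
              private actors: Record<string, Actor>) {}

  revokeSession(sessionId: string, actorId: string): RevocationResult {
    const actor = lookup(this.actors, actorId);
    const session = lookup(this.sessions, sessionId);
    let outcome = "revoked";
    if (!actor) outcome = "denied:unknown_actor";
    else if (!session) outcome = "denied:not_found";
    else {
      // RBAC: an org admin may revoke any session in their own org;
      // any other actor may revoke only their own sessions.
      const adminInOrg = actor.role === "org_admin" && actor.orgId === session.orgId;
      const ownSession = actor.id === session.userId;
      if (!adminInOrg && !ownSession) outcome = "denied:forbidden";
      else if (session.revoked) outcome = "noop:already_revoked";
      else session.revoked = true; // store now rejects refresh for this session
    }
    // Audit every attempt, including denials (an assumption beyond the page,
    // which only requires an entry for every revocation).
    this.audit.push({ action: "session.revoke", actorId, sessionId, outcome });
    const ok = outcome === "revoked" || outcome === "noop:already_revoked";
    return ok ? { ok } : { ok, reason: outcome };
  }
}

// Constructed sample data.
function demoService(): SessionService {
  return new SessionService(
    { s1: { id: "s1", orgId: "acme", userId: "u-bob", revoked: false } },
    { "u-alice": { id: "u-alice", orgId: "acme", role: "org_admin" },
      "u-eve": { id: "u-eve", orgId: "other", role: "org_admin" } });
}
```

The audit entry is written after the decision but before returning, so a denied cross-organization attempt leaves the same kind of trace as a successful revocation.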
Related Data Entities (4)
Data entities managed by this component