Session management #6718
Raul6469 started this conversation in Password Manager
Hi @Raul6469, thanks for your willingness to work on this. I will pass it on to the team and we'd get back to you!
Hi @Raul6469, thank you for your interest and your willingness to help. I would want to check in with the team first about the direction we want to go with this feature, so we can effectively collaborate with you on development. Thanks once again!
Code Contribution Proposal
Hello!
I see session management is requested in the community forum here: https://community.bitwarden.com/t/session-management/1696, and I'm willing to help to make this happen if you're ok with that!
I think that just having a simple list of devices in the account settings would be very nice. It would be purely read-only information. If there were to be an unknown device, the existing "de-authorize all sessions" would still be the only way to go.
I was looking a bit through the source code, and I think the `Device` table already contains enough information to make a nice table to display to users. However, it looks like devices are never deleted, even after hitting the "de-authorize all sessions" button.
Do you think it is possible to delete all of the user's devices as part of `UserService.RefreshSecurityStampAsync`? This way we can get rid of old devices that are no longer used in the list. A possible side-effect of doing this would be to send new device emails to users after each login, even on previously known devices. (Personally I think it should be the case, after de-authorizing all sessions I would expect to get emails for each new login).
I also guess that doing this can break the device trust system, but I'm unsure of what it is exactly...
For the rest, looks like it would be pretty straightforward, since there is already an exposed API route `/api/devices` that returns a list of devices.
I can either start with a client side PR to display current devices "as-is", or a server side one to delete devices on sessions de-authorization... or none, if you think none of this is relevant or if you know you won't have bandwidth to look into this, which is understandable!
Anyway, just let me know and have a great day!