Sessions service


Sessions

For authentication requests, the flow orchestration service calls the session service to create a new session. The session token is associated with the current session and is set in a cookie. For every call in the authentication flow, the authentication service checks that the session token cookie contains the current token for the session.

When a session is created as part of an authorization flow, the session data is created along with the flow data and stored in memory. For existing sessions, the session data is retrieved from data storage and then cached. It is updated in cache only during flow execution. After flow completion, the session is updated in the data storage system. This ensures that sessions are not persisted by incomplete flows and that multiple flows executing simultaneously for the same session do not affect each other.
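
The caching behavior described above can be modeled as follows. This is an added example, not PingOne code: the SessionStore and Flow classes, the token field and the constant-time comparison are assumptions made for illustration, and the page does not say how two flows that both complete are reconciled (here the last one to complete wins).

```python
import copy
import hmac
import secrets


class SessionStore:
    """Stand-in for the data storage system (constructed, in-memory)."""

    def __init__(self):
        self._rows = {}

    def load(self, session_id):
        return copy.deepcopy(self._rows.get(session_id))

    def save(self, session):
        self._rows[session["id"]] = copy.deepcopy(session)


class Flow:
    """One flow execution with its own cached working copy of the session."""

    def __init__(self, store, session_id=None):
        self.store = store
        existing = store.load(session_id) if session_id else None
        # A new session exists only in this flow's memory until completion.
        self.session = existing or {"id": secrets.token_hex(8),
                                    "token": secrets.token_urlsafe(32),
                                    "lastSignOn": {}}

    def _require_token(self, cookie_token):
        # Every call must present the session's current token (constant-time).
        if not hmac.compare_digest((cookie_token or "").encode(),
                                   self.session["token"].encode()):
            raise PermissionError("session token cookie does not match")

    def step(self, cookie_token, **changes):
        self._require_token(cookie_token)
        self.session["lastSignOn"].update(changes)  # cached copy only

    def complete(self, cookie_token):
        self._require_token(cookie_token)
        self.store.save(self.session)  # persisted only on flow completion
        return self.session["id"]


def demo():
    store = SessionStore()
    abandoned = Flow(store)
    abandoned.step(abandoned.session["token"], policyId="constructed-policy")
    return store.load(abandoned.session["id"])  # None: flow never completed
```

Because each Flow works on a deep copy, a step taken in one flow is invisible to another flow on the same session and to storage until complete() is called.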

Sessions API operations

The sessions service supports the following endpoint operations:

Note: The sessions API endpoints are internal only. There are no Postman collections provided for internal operations.

Sessions data model

Property Description
activeAt The last user activity time on this session. Examples of activity include completing a flow and application activity such as validating a token or using a refresh token.
createdAt The time the resource was created.
environment.id A string that specifies the identifier of the resource referenced by this relationship.
id A string that specifies the resource’s unique identifier.
lastSignOn.at The time of the last sign on.
lastSignOn.authenticators A string that specifies the authenticators used during the last sign on.
lastSignOn.policyId A string that specifies the sign-on policy completed by the last sign-on.
lastSignOn.withAuthenticator.completedAt A string that specifies the details of the last completed use of specific authenticators during past sign-ons.
lastSignOn.withAuthenticator.policyId A string that specifies the identifier of the policy that triggered the last completed use of this authenticator for sign on.
user.id A string that specifies the identifier of the user resource referenced by this relationship.

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request was invalid.
401 You weren’t authenticated to perform this operation.
404 The specified object doesn’t exist.

Endpoint examples

Get a session

The GET /environments/{environmentId}/session operation retrieves the current session identified by the session cookie. This is an internal API only.

curl -X GET \
  'https://auth.pingone.com/environments/{environmentId}/session' \
  -H 'Content-Type: application/json'

Delete a session

The DELETE /environments/{environmentId}/session operation deletes the current session identified by the session cookie. This is an internal API only.

curl -X DELETE \
  'https://auth.pingone.com/environments/{environmentId}/session' \
  -H 'Content-Type: application/json'

Successful delete operations return a 204 NO CONTENT response.