Customization of the user session expiry time via the API

Currently, it is not possible for admins to specify the default session expiry time for users via the UI. However, this can be achieved with a script that periodically scans through the active user sessions and determining which ones should be ended. This can all be done via the Looker API and is described below.

Step 1:

Authenticate using an API3 key of an admin.

import looker 

import re

from datetime import datetime 



base_url = 'https://learn.looker.looker.com:19999/api/3.0'

client_id = ''

client_secret = ''



# instantiate Auth API

unauthenticated_client = looker.ApiClient(base_url)

unauthenticated_authApi = looker.ApiAuthApi(unauthenticated_client)



# authenticate client

token = unauthenticated_authApi.login(client_id=client_id, client_secret=client_secret)

client = looker.ApiClient(base_url, 'Authorization', 'token ' + token.access_token)

Step 2:

Get a list of all the users that have access.

# instantiate User API client & get list of users

userApi = looker.UserApi(client)



user_list = userApi.all_users()

user_ids = [user.id for user in user_list]

Step 3:

Define a session expiry time, scan through existing sessions and delete those that have expired.

expiry_time = 60 



for uid in user_ids:

    user_info = userApi.all_user_sessions(uid)



    # make sure user has an existing session

    if len(user_info) > 0:

        session_created_time = re.findall(r'(\d{4}[-]\d{1,2}[-]\d{1,2})[t](\d{1,2}:\d{1,2}:\d{1,2})', user_info[0].created_at)[0]

        session_created_time = session_created_time.replace('T',' ')

        login_time = datetime.strptime(session_created_time,'%Y-%m-%d %H:%M:%S')

        minutes_loggedIn = (datetime.now()-login_time).total_seconds() / 60

        

        # if session expired, delete it

        if minutes_loggedIn > expiry_time:

            userApi.delete_user_session(user_id, user_info[0].id)