Editor’s note 2021/04/20: It is unclear if this technique still works in any recent version of Tableau Server. The signout mechanism of the REST API is still available, but getting the correct Session ID from the Repository in the format necessary has not been tested in a long time. Version 3.9 of the REST API even added a direct DELETE SERVER SESSION method, but there is no documentation on how to get the correct Session ID to send.
Within an embedded application, it can be difficult to make sure that sign-out is achieved in both the application and Tableau Server. Tableau Server supports SAML signout commands, but for all sorts of reasons, this might not always work.
Luckily, it is possible to use the REST API to kill any session programmatically, but you need the session identifier from the Tableau Repository. The question is, how do you know what session belongs to a user? There is a sessions view, but you need a little bit more to get filtering down to the username level:
SELECT sessions.session_id, sessions.data, sessions.updated_at, sessions.user_id, sessions.shared_wg_write, sessions.shared_vizql_write, system_users.name AS user_name, users.system_user_id FROM sessions JOIN users ON sessions.user_id = users.id JOIN system_users ON users.system_user_id = system_users.id WHERE system_users.name = '{username}'Once you have the session ID, you can send a REST API sign out command.
tableau_tools has both of these commands wrapped in a simple interface.
server = 'http://127.0.0.1' username = '' password = '' readonly_user_password = "" d = TableauServerRest(server, username, password) d.enable_logging(logger) tab_rep = TableauRepository(server, readonly_user_password) uname = 'some_username' sessions_cur = tab_rep.query_sessions(username=uname) for row in sessions_cur: d.signout(row[0])The signout() method has an optional parameter called “session_token”, that accepts the values of the session_id column of the sessions table and _sessions views (when they are set to the old style of ID — see below).
Using this in recent versions of Tableau Server
After Tableau Server 10.1, there was a change to the structure of Session IDs to provide additional security features. Unfortunately, this broke the technique listed above. If you do have the need for manually killing sessions via the REST API, you’ll need to revert back to the previous type of Session ID using the following tabadmin setting (or its equivalent in TSM in 2018.2+)
As noted above, it is unclear if this option is still available, and if not, what the equivalent technique would be to retrieve the full Session ID needed for either of the REST API techniques to work.
tabadmin set features.ProtectVizPortalSessionIds false tabadmin configureYes, you will need to restart the server for that change to take effect.
Tableau and Behold! 