How to disable concurrent login with OpenIdDict? #7794 | ABP Support | ABP.IO | ABP Support

nhontran created 20 days ago

ABP Framework version: v8.0.2
UI Type: Angular
Database System: EF Core (SQL Server)
Auth Server Separated (for Angular): yes

I would like to implement a feature to disable concurrent user logins in our application to enhance security.

Requirements:

When a user logs in, any active sessions of that user should be automatically logged out.
Only one active session per user should be allowed at any given time.

Most of the articles I found here is for Identity Server 4, I have migrated to OpenIdDict, is there a built-in feature for this?

Please provide guidance on how to configure or extend the ABP framework to achieve this behavior.

Thank you.

12 Answer(s)

0

maliming created 20 days ago
Support Team Fullstack Developer

hi

We have the session management feature.

https://abp.io/docs/latest/modules/identity/session-management https://abp.io/docs/latest/modules/account/session-management
0

nhontran created 13 days ago

Hi @maliming, this feature does not seem to work. After selecting the "LogoutFromAllDevices" option. I logged in on a new device, and observed that in the AbpSessions table, the old session was deleted and the new session has been created. However, the web application (I am using Angular) did not log me out on the old device.

Am I missing something? Could you help me resolve this?
0

maliming created 13 days ago
Support Team Fullstack Developer

hi

This feature depends on the Dynamic Claims feature of the ABP framework. https://abp.io/docs/latest/framework/fundamentals/dynamic-claims?_redirected=B8ABF606AA1BDF5C629883DF1061649A

Have you enabled it?
0

nhontran created 13 days ago

Hi @maliming, Yes, I have enabled the feature. Could you let me know when this feature was officially released?

I created a new project using version 8.0.2, but noticed that the feature is not available. Interestingly, my older project, also on version 8.0.2, includes it. I'm not sure why there's this discrepancy.
0

maliming created 13 days ago
Support Team Fullstack Developer

hi

The session management feature was added after 8.2

So you need to use abp 8.2+ and enable dynamic claims as well.
0

nhontran created 13 days ago

noted. Let me upgrade it to 8.2.0.

Thank you
0

maliming created 13 days ago
Support Team Fullstack Developer

hi nhontran

You can create an 8.2+ template project to test this first.

Thanks
0

nhontran created 13 days ago

Hi @maliming,

Yes, I just created a new project version 8.2.0 and it works.

However, when I tried to upgrade our existing solution by running "abp update -v 8.0.2", my Angular and .NET projects did not receive any updates. All the DLLs remain at version 8.0.2.
0

maliming created 13 days ago
Support Team Fullstack Developer

hi

You can try to update the packages manually.

packages.json and all csproj files.
0

nhontran created 13 days ago

Hi @maliming, I manually updated it and now encountered this error in Auth Server:
0

nhontran created 13 days ago

Hi, please ignore it. I have fixed it by updating the Theme LeptonX version as well:

<PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX" Version="3.2.0" />
0

maliming created 13 days ago
Support Team Fullstack Developer

Great. : )

Have an answer to this question? Log in and write your answer.