How to disable concurrent login with OpenIdDict? #7794

nhontran created
  • ABP Framework version: v8.0.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Auth Server Separated (for Angular): yes

I would like to implement a feature to disable concurrent user logins in our application to enhance security.

Requirements:

  • When a user logs in, any active sessions of that user should be automatically logged out.
  • Only one active session per user should be allowed at any given time.

Most of the articles I found here are for Identity Server 4. I have migrated to OpenIdDict; is there a built-in feature for this?

Please provide guidance on how to configure or extend the ABP framework to achieve this behavior.

Thank you.


12 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    hi

    We have the session management feature.

    https://abp.io/docs/latest/modules/identity/session-management
    https://abp.io/docs/latest/modules/account/session-management

  • nhontran created

    Hi @maliming, this feature does not seem to work. After selecting the "LogoutFromAllDevices" option, I logged in on a new device and observed that in the AbpSessions table, the old session was deleted and the new session had been created. However, the web application (I am using Angular) did not log me out on the old device.

    Am I missing something? Could you help me resolve this?

  • maliming created
    Support Team Fullstack Developer

    hi

    This feature depends on the Dynamic Claims feature of the ABP framework. https://abp.io/docs/latest/framework/fundamentals/dynamic-claims?_redirected=B8ABF606AA1BDF5C629883DF1061649A

    Have you enabled it?

  • nhontran created

    Hi @maliming, Yes, I have enabled the feature. Could you let me know when this feature was officially released?

    I created a new project using version 8.0.2, but noticed that the feature is not available. Interestingly, my older project, also on version 8.0.2, includes it. I'm not sure why there's this discrepancy.

  • maliming created
    Support Team Fullstack Developer

    hi

    The session management feature was added after 8.2.

    So you need to use abp 8.2+ and enable dynamic claims as well.

  • nhontran created

    Noted. Let me upgrade it to 8.2.0.

    Thank you.

  • maliming created
    Support Team Fullstack Developer

    hi nhontran

    You can create an 8.2+ template project to test this first.

    Thanks

  • nhontran created

    Hi @maliming,

    Yes, I just created a new project version 8.2.0 and it works.

    However, when I tried to upgrade our existing solution by running "abp update -v 8.0.2", my Angular and .NET projects did not receive any updates. All the DLLs remain at version 8.0.2.

  • maliming created
    Support Team Fullstack Developer

    hi

    You can try to update the packages manually.

    packages.json and all csproj files.

  • nhontran created

    Hi @maliming, I manually updated it and now encountered this error in Auth Server:

  • nhontran created

    Hi, please ignore it. I have fixed it by updating the Theme LeptonX version as well:

    <PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX" Version="3.2.0" />

  • maliming created
    Support Team Fullstack Developer

    Great. : )

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11