Open Closed

Restrict multiple logins of same user #1519


User avatar
0
Repunjay created

ABP Framework version: 4.1.3 UI type: Angular Tiered (MVC) or Identity Server Seperated (Angular): yes Exception message and stack trace: Steps to reproduce the issue:

Creating a new ticket as the previous ticket is closed - https://support.abp.io/QA/Questions/536/How-to-Restrict-users-multiple-login-session

Steps performed as per recommendation -

  1. We are saving latest token at the time of login in database.
  2. When user login next time again with new browser we are revoking all existing tokens.
  3. The api we are using to revoke token is https://localhost:44350/connect/revocation and its returning 200 OK
  4. While testing we have figure out even revoked token is giving results while testing from postman.
  5. When we login to new browser existing user is not logging out from the browser it because token still alive

What could be the reason for this behaviour even token is revoked and still we can access api’s?


4 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi

    I will check it

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I can't reproduce the problem, can I check it remotely? shiwei.liang@volosoft.com

  • User Avatar
    0
    Repunjay created

    Thanks for your inputs.

    I have incorporated all changes you have suggested as given urls

    https://github.com/abpframework/abp-samples/blob/master/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.HttpApi.Host/IDSReferenceTokenHttpApiHostModule.cs#L131-L137

    https://github.com/abpframework/abp-samples/blob/da789bb0737b9629e4171c2214f89479f3865f10/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.Domain/IdentityServer/IdentityServerDataSeedContributor.cs#L268

    https://github.com/abpframework/abp-samples/blob/master/IdentityServerReferenceToken/aspnet-core/src/IDSReferenceToken.Domain/IdentityServer/IdentityServerDataSeedContributor.cs#L83-L88

    Still we cannot access api’s from postman using revoked token.

    Please let me know if we can have quick remote call to discuss and resolve the issue.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    resolved

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38