Open Closed

How to Restrict users multiple login session #536


User avatar
0
vishalnikam created

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

  • ABP Framework version: 3.0.4
  • UI type: Angular
  • Tiered (MVC) or Identity Server Seperated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

We are developing banking application where we have to restrict users multiple login session. At time, there should be single active login session.

user should be allowed to be logged in to one application from only one browser at a time. When user logs in then server should check his current active sessions to the same application from other browsers. If there is then log out from everywhere else and keep only newest session.

Please suggest something, which readily availble in ABP.


6 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi

    See https://stackoverflow.com/questions/36151800/asp-net-mvc-identity-securitystamp-signout-everywhere.

    Add the following code to your web module, It will check the security stamp every 10 seconds and log out of the login session if it changes.

    Configure<SecurityStampValidatorOptions>(options =>
    {
        options.ValidationInterval = TimeSpan.FromSeconds(10);
    });
    
  • User Avatar
    0
    vishalnikam created

    Tried this in Host Api >> HttpApiHostModule but dint worked. I am able to login in two browser with same user.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Can you share some code? Your login mehtod and configuration code.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Sorry, I see you are using angular UI.

    You can use revocation endpoint to revoke token.

  • User Avatar
    0
    vishalnikam created

    Where and how do i set the token expiration time in ABP.io Identity server. currently it shows below in /connect/token? API "expires_in": 31536000, "token_type": "Bearer",

    Also, give sample code to do revoke token in ABP.io Identity server.

  • User Avatar
    0
    alper created
    Support Team Director

    how about storing all the user tokens in Redis or Database, and after each login revoke all the existing tokens.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15