I just started using session management with OpenIddict, and everything looks OK so far. But when I enabled LogoutFromSameTypeDevices, I found that all sessions have the same Device in the DB (AbpSessions), so I wonder why, and how to control what value is passed to the DB.

Second question: is it possible to make a custom rule about it? For example, if the client is Web only 1 login is allowed, if the client is "Mobile" you can have 5 or unlimited tokens, etc.?

ABP version 9.2.0
1 Answer(s)
Hi @batuhankara,

> I just started using session management with OpenIddict, and everything looks OK so far. But when I enabled LogoutFromSameTypeDevices, I found that all sessions have the same Device in the DB (AbpSessions), so I wonder why, and how to control what value is passed to the DB.

There is a class called OpenIddictCreateIdentitySession (handles the ProcessSignIn event of the OpenIddict module), which gets the randomly generated sessionId and stores it in the database.

When you enable the LogoutFromSameTypeDevices option, then the IdentitySessionManager kicks in and revokes the other device sessions and removes them from the database and cache.

> Second question: is it possible to make a custom rule about it? For example, if the client is Web only 1 login is allowed, if the client is "Mobile" you can have 5 or unlimited tokens, etc.?

Currently, we don't provide such an option. There are only three options: Disabled, LogoutFromSameTypeDevices and LogoutFromAllDevices. For custom scenarios, you should override the code and implement it yourself. If you want to customize, then you can refer to the How it works? section in the documentation and update the relevant places.

Regards.
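The per-client rule asked about in the question, sketched as an added example that is not ABP's code and is not from the answer above. `Session`, `SessionLimitPolicy` and `SelectSessionsToRevoke` are hypothetical names, and the limits (Web = 1, Mobile = 5) are taken from the question; wiring this into an overridden ABP service is left to the customization the answer describes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical type for illustration; this is not an ABP class.
public record Session(string SessionId, string Device, DateTime SignedIn);

public static class SessionLimitPolicy
{
    // Assumed limits from the question; a null value would mean "unlimited".
    private static readonly Dictionary<string, int?> MaxPerDevice =
        new(StringComparer.OrdinalIgnoreCase) { ["Web"] = 1, ["Mobile"] = 5 };

    // Returns the existing sessions to revoke so that, once the new sign-in is
    // stored, the user stays within the limit for that device type.
    public static List<Session> SelectSessionsToRevoke(
        IEnumerable<Session> existing, string newDevice)
    {
        // Unknown device types fail closed to a single session.
        int? limit = MaxPerDevice.TryGetValue(newDevice, out var configured) ? configured : 1;
        if (limit is null) return new List<Session>();

        var sameType = existing
            .Where(s => string.Equals(s.Device, newDevice, StringComparison.OrdinalIgnoreCase))
            .OrderBy(s => s.SignedIn)   // oldest first, so the oldest are revoked first
            .ToList();

        // The new sign-in takes one slot; keep at most (limit - 1) existing sessions.
        int excess = sameType.Count - (limit.Value - 1);
        return excess > 0 ? sameType.Take(excess).ToList() : new List<Session>();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data: one Web session and five Mobile sessions.
        var t0 = new DateTime(2025, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        var existing = new List<Session> { new("web-1", "Web", t0) };
        for (int i = 1; i <= 5; i++)
            existing.Add(new Session($"mob-{i}", "Mobile", t0.AddHours(i)));

        foreach (var device in new[] { "Web", "Mobile", "Kiosk" })
        {
            var revoke = SessionLimitPolicy.SelectSessionsToRevoke(existing, device);
            Console.WriteLine($"{device}: revoke [{string.Join(", ", revoke.Select(s => s.SessionId))}]");
        }
    }
}
```

A rule keyed on the device type only works once the stored Device value actually differs per client; the question reports every AbpSessions row carrying the same value, so that has to be addressed first.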