How can I restrict logged in user from logging in again using another browser/tab?
Question
I am using reactjs with nodejs and redux to authenticate and keep track of if user is authenticated or not (for routes). I am using aws cognito for user authentication.
What does the app do: it basically takes a file from user and uploads to s3 bucket.
What I want to accomplish: I want to restrict the user from opening a 2nd tab (in chrome for example) and logging in again. Currently I don't have a logout button, but if they refresh their current tab, they will be logged out and will have to log in again - reason for this is, we don't need to persist the login.
In addition to this, ideally we would like to restrict the user from opening say another browser and logging in.
Is there way to restrict this?
1 answers
solution1
0 2019-03-14 19:06:23
If you need only 1 session to be active of one particular user.
- on login you need generate JWT Token or some access key which is used during all API calls (AWS operation etc.)
- on second login, you need to invalidate previous JWT Token/access token
- this way even if user login in the second tab, the first tab will be disconnected, as the first tab is using old access token (which is now invalidated), and the 2nd tab has latest access token.
Another approach:
- you need to have presence system. When you can tell which user is offline, which is online.
- on the server you prohibit logins to the user, who is already online
- user becomes offline by closing tab or by disconnecting from the internet
- you still need some JWT tokens or other access tokens you give on every login, and invalidate old tokens
- you can create presence system with Firebase from Google. Maybe other systems.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.