How to prevent user for Multi login at same time - Session is not reliable

Question

we can check session to know that the user is logged in. but

if app not close normal way or disconnect internet then close app, session not remove from server and app cant send anything to server and cant change on it , so user cant login again because session or every other parameter not changed on server.

i search in forum and not find any correct answer for this problem.

main problem is that we cant never be sure user logged out and change session attribute or update json document.

Answer 1

HI,

 

There are multiple ways to manage the user session, one you already described by saving the attribute. Second, you can use admin key to get the user session like if the user session exists on the server then disable that session and re-create a new one. 

How and What role of admin key for getting the user session? 

Ans: You can write server-side custom code where you inject the admin key and based on username, you can get the session on the server. Here why we are suggesting custom code because enabling admin key on the application side is not good as any potential programmer can get your admin key by debugging the code. 

Please find below links which help you to integrate the same: 

• How to use admin key while calling any API
• Writing and deploying server-side custom code

 

In case you need any other help, please feel free to let us know. 

 

Regards,

Himanshu Sharma