How to limit one active session per user
Hi, how can I limit one active session per user at a time?
If a user is logged in from one computer and logs in again from a different computer, how can I detect it and logout from the first computer before starting the new session?
8 Replies
Hi @Acer. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Hmm, I don't know enough to give you a confident answer yet. The provided knowledge sources do not contain specific information on how to limit one active session per user at a time in Wasp.
However, Wasp does use sessions for authentication, and these sessions are stored in localStorage on the client and in the database on the server. When a user logs in, Wasp creates a session for them and stores it in the database. The session is then sent to the client and stored in localStorage. When users log out, Wasp deletes the session from the database and from localStorage (source: https://wasp-lang.dev/docs/auth/overview#sessions).
There is also an open issue on GitHub discussing a related topic, where if a user is logged in on one tab (Tab A) and logged out on another tab (Tab B), moving from Tab A to Tab B can cause the user to be logged out of Tab A due to the clearing of the auth token source (https://github.com/wasp-lang/wasp/issues/1227).
For more specific guidance on limiting one active session per user, I would recommend checking the Wasp documentation or reaching out to the Wasp community for further assistance.
----------------------
Sorry @Acer, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15 mins?
I suppose you could use the onAfterLogin hook and modify the Session table with Prisma. Delete the sessions for the user but keep the last one.
You need to understand the auth database tables https://wasp-lang.dev/docs/auth/entities
@miho might be interesting to have as a simple flag on our side.
@Acer what is the motivation behind you wanting this? Is it as a kind of a security measure?
@miho might be interesting to have as a simple flag on our side.
What kind of flag?
allowOnlyOneSession :D? Or logoutFromOldSessionsOnLogin
Sure, if enough people find this useful why not 🙂 that has been our go-to rule of thumb for adding things to core
Thanks @miho and @martinsos. The solution makes sense and it gives me extra push to upgrade from wasp 0.13.x to a higher version to use onAfterLogin 🙂
As for the motivation, it is just a deterrent for users to not share login with multiple people and misuse the resources.
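
The approach suggested in this thread (an onAfterLogin hook that deletes the user's other Session rows with Prisma and keeps the last one), sketched as an added example that is not code from the thread's participants or from Wasp. Assumptions: the hook receives `{ user, prisma }`, the Session model has `id`, `expiresAt` and an `auth` relation carrying the app user's id, the new session row already exists when the hook runs, and `revokeOlderSessions`, `sessionIdsToRevoke` and `fakePrisma` are hypothetical names; check the field names against the auth entities docs linked above.

```javascript
// Added example, not Wasp's own code. Assumed Session columns: id, expiresAt,
// and an `auth` relation whose userId is the app user's id.

// Return the ids to revoke, keeping the `keep` sessions that expire last
// (the newest logins). Use keep = 0 if the hook runs before the new session
// row is written.
function sessionIdsToRevoke(sessions, keep = 1) {
  return [...sessions]
    .sort((a, b) => b.expiresAt.getTime() - a.expiresAt.getTime())
    .slice(keep)
    .map((s) => s.id);
}

// Body of an onAfterLogin-style hook; returns how many sessions were revoked.
async function revokeOlderSessions({ user, prisma }) {
  const sessions = await prisma.session.findMany({
    where: { auth: { userId: user.id } },
  });
  const ids = sessionIdsToRevoke(sessions);
  if (ids.length === 0) return 0;
  const { count } = await prisma.session.deleteMany({
    where: { id: { in: ids } },
  });
  return count;
}

// Constructed in-memory stand-in for the two Prisma calls used above.
function fakePrisma(rows) {
  return {
    rows,
    session: {
      findMany: async ({ where }) =>
        rows.filter((r) => r.authUserId === where.auth.userId),
      deleteMany: async ({ where }) => {
        const before = rows.length;
        for (let i = rows.length - 1; i >= 0; i--) {
          if (where.id.in.includes(rows[i].id)) rows.splice(i, 1);
        }
        return { count: before - rows.length };
      },
    },
  };
}
```

Because the rows are deleted server-side, the first computer is only logged out on its next authenticated request, when its stored session id no longer matches a row.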