Hey @k.oak,
I think you need to create an Action to handle the Post Login trigger and use the Session Management API to find a valid session for the current user on the current device.
Hello @andrea.chiarelli - Thank you for your reply. Looks like Session Management APIs are available only for enterprise users. We are a small business and can't really afford an enterprise license. I think this is a pretty common use case and not every user can opt for the enterprise edition. Is there any other way to avoid the same user logging into multiple devices?
Hi @k.oak,
Honestly, I’m not sure about the best solution to emulate the Session Management API behavior.
My first thought is to use the event.session object in a Post Login trigger to get the needed data for the current user session and the event.user.app_metadata object to store it.
At login time, check if the current user is already logged in by comparing the relevant current session data with the data stored in the app_metadata object. If the user is already logged in on another device, deny them access.
I have some concerns about the accuracy of this solution, though, because of the reliability of the session expiration date and the presence of refresh tokens that could “resume” a session if they are not revoked.
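A sketch of the Post Login Action suggested in the reply above, as an added example that is not part of the original thread and is not Auth0's own code. The `active_session` metadata key, the `decideLogin` helper and the 24-hour lifetime are assumptions made for illustration; the expiry is tracked by the Action itself and has to be set to match the tenant's session lifetime.

```javascript
// Added example (not from the thread). Hypothetical names: KEY, SESSION_TTL_MS, decideLogin.
const KEY = 'active_session';               // assumed app_metadata key
const SESSION_TTL_MS = 24 * 60 * 60 * 1000; // assumption: match the tenant session lifetime

// Pure decision logic, kept separate so it can be exercised outside Auth0.
// Returns { allow, record }: record is what should be stored in app_metadata.
function decideLogin(event, nowMs) {
  // event.session is optional; without it there is nothing to compare.
  // Design choice in this sketch: allow and store nothing. Transactions
  // that carry no session are therefore not limited by this check.
  const sessionId = event.session && event.session.id;
  if (!sessionId) return { allow: true, record: null };

  const stored = (event.user.app_metadata || {})[KEY];
  const stillLive = Boolean(stored) && stored.expires_at > nowMs;

  // A different, unexpired session is on record: treat it as another device.
  if (stillLive && stored.id !== sessionId) {
    return { allow: false, record: stored };
  }

  // First login, same session, or the recorded session has aged out:
  // (re)register the current session with a fresh expiry.
  return {
    allow: true,
    record: { id: sessionId, expires_at: nowMs + SESSION_TTL_MS },
  };
}

// Auth0 Post Login Action entry point.
async function onExecutePostLogin(event, api) {
  const decision = decideLogin(event, Date.now());
  if (!decision.allow) {
    api.access.deny('This account is already signed in on another device.');
    return;
  }
  if (decision.record) {
    api.user.setAppMetadata(KEY, decision.record);
  }
}

// Guarded so the file also loads where `exports` is not defined.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Nothing in this sketch clears the stored record when the user logs out, so a user who signs out and moves to a new device is denied until `expires_at` passes. That is the accuracy problem raised in the reply, and refresh tokens issued to the earlier device remain usable unless they are revoked separately.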