Denying login to a user already logged in elsewhere?


I’m new to Auth0, been trying the sample app and customizing things, but we got to a problem with the client requirements:

  • I got asked to deny the client login if it is already logged in somewhere else.

My understanding is that Auth0 should know about this, about the “not closed” sessions, but I don’t see a way to communicate and get the info. At the same time, I would love not to go the DB route, so I am trying to see how to set up actions and such, but I see that logout itself doesn’t have flow to affect.

Thanks for any feedback or pointers I could get from the community!

Hi @j.recasens,

Welcome to the Auth0 Community!

It sounds like what you’re needing is the Sessions API which is scheduled to be released later this year (Q3 I believe). The Sessions API will support features like:

  • Terminate sessions for applications across multiple channels.
  • Supports session revocation, access token revocation, and single sign out.

I know this doesn’t immediately solve your problem but I wanted to let you know that there’s a solution on the horizon.

I hope this helps!