As per my use case, I need to restrict my end-user to login from single device. I want to implement any one of the following. Assume end-user is already logged in from one device. When user tries to login from second device
App should prompt to logout from first device and App will not allow to login from second device until user successfully logs out from first device.
Without prompting anything to end-user, app terminates session on first device and allow login to new device and creates a new session.
Any of these approach will help me to implement my use case.
b) The next time the user logs in, revoke all sessions from the Admin API in your custom function, before logging them again and setting the user’s new Device ID - this way you get to add your session expiration logic before the user has actually logged in on another device and provided another session token.
c) Add client code to handle invalid session requests and take user to logout screen
In practice, this would look like:
device a → logged in
device b → calls login function → -> revokes all sessions and invalidates device a → logs user in from device b with new session → user is logged in on device b successfully
any subsequent request will fail, client code handles invalid session and takes user to login screen
If you want to request more session/token configuration options - you can add a request here. We use items here to influence our roadmap on Realm.
A quick search on the MongoDB Developer site returns this article has has the same title. I’m pretty sure that MongoDB changed their site around a bit not that long ago so it makes sense that articles were moved to the new location.