0

I have created a sign-up API (POST) which generates a token using JWT. Then, hitting the sign-in API, I am able to log in on n number of devices at a time. But I want to set the device limit on which a user can be logged in to two at a time. I have used a MongoDB database and used only the _id of the user to create the token, not time.

Ritika

1 Answer

0

You could store the tokens in an array in your database.

Then every time someone tries to log in, check if the tokens in the array are still valid, i.e., not expired. If one of them or both are expired, then remove the expired token(s).

Now if the array's length is less than 2, then you can give the new user their token, and push the token to the array in the database. But, if the array's length is equal to 2, then don't give the user their token.

You should check out this post - allow one concurrent user per login with JWT.

  • Thanks for your response, but I haven't set any expiry time for the token, so it is valid for infinite time. When a user signs up with the credentials on device one, a token will be generated. Then, the next time the user signs in, on the same or a different device, it will just check whether the user is in the DB or not. If not, the user is added, and if present, it just returns the user details with no token changes. So in this way I am able to log in on multiple devices at a time. But I want to limit this to 2 devices at a time, like Netflix's device limit functionality. – Ritika Jun 15 '20 at 11:35
  • So, the user could only log in with two different devices at a time, but they will be logged out of all the other devices? – Shane John Paul Jun 16 '20 at 14:53
  • Yes, the user could log in on two devices at a time and log out from all our devices. – Ritika Jun 17 '20 at 15:22
  • In that case, you could follow the same procedure, but instead of expiry, you should create the token with something unique to the device, so that only two unique devices can log in at a time. – Shane John Paul Jun 17 '20 at 21:01
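
The procedure from the answer and its last comment, as an added example (not code from the answer or the question): the server keeps a per-user session list, prunes expired entries at login, refuses a third device, and rejects any token whose session is no longer in the list. The in-memory `Map` stands in for the token array on the MongoDB user document; the secret, the one-hour TTL, the `jti`/`did` claim names and all function names are assumptions.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: real code loads this from config
const MAX_DEVICES = 2;
const sessions = new Map(); // userId -> [{ jti, deviceId, exp }] (stand-in for the DB array)

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Minimal HS256 JWT: header.payload.signature
function signToken(payload) {
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64(payload)}`;
  return `${body}.${hmac(body)}`;
}

// Returns a token, or null when two other devices already hold live sessions.
function login(userId, deviceId, now = Date.now(), ttlMs = 3600_000) {
  const live = (sessions.get(userId) || []).filter((s) => s.exp > now); // prune expired
  const others = live.filter((s) => s.deviceId !== deviceId); // same device replaces its slot
  if (others.length >= MAX_DEVICES) {
    sessions.set(userId, live);
    return null;
  }
  const entry = { jti: crypto.randomUUID(), deviceId, exp: now + ttlMs };
  sessions.set(userId, [...others, entry]);
  return signToken({ sub: userId, jti: entry.jti, did: deviceId, exp: Math.floor(entry.exp / 1000) });
}

// A valid signature is not enough: the session must still be in the server-side list.
function verify(token, now = Date.now()) {
  const [h, p, sig] = token.split('.');
  const got = Buffer.from(sig || '');
  const want = Buffer.from(hmac(`${h}.${p}`));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  const active = (sessions.get(claims.sub) || []).some((s) => s.jti === claims.jti && s.exp > now);
  return active ? claims : null;
}

// Logging out frees the device's slot and invalidates its token.
function logout(userId, deviceId) {
  sessions.set(userId, (sessions.get(userId) || []).filter((s) => s.deviceId !== deviceId));
}
```

Against a real database, the prune, count check and push need to happen as one atomic conditional update, otherwise two simultaneous logins can both pass the length check.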