FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Single session per user

    Scheduled Pinned Locked Moved
    General Discussion
    2
    3
    2.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mike.rudat
      last edited by

      In FusionAuth, how can I limit the number of concurrent sessions to a single session per user?

      1 Reply Last reply Reply Quote 0
      • M
        mike.rudat
        last edited by

        @mike-rudat Currently, there's no built-in single session solution. However, this can be implemented and managed via webhooks.

        When a user logs in a webhook fires. In response to that webhook one can then revoke existing refresh tokens issued to the user previously. Webhooks can be enabled via FusionAuth Admin UI->Tenants->Webhooks. A good place to start would be user.login.success.

        Here is the documentation for webhooks and revoking JWT's.
        https://fusionauth.io/docs/apis/webhooks
        https://fusionauth.io/articles/tokens/revoking-jwts

        This may require a decent amount of consideration when SSO is enabled and there are multiple applications a user can be logged into. You will have to iterate through that user's existing issued JWT's and logically determine which ones to revoke.

        danD 1 Reply Last reply Reply Quote 0
        • danD
          dan @mike.rudat
          last edited by

          @mike-rudat This might be of interest too: https://fusionauth.io/docs/extend/examples/device-limiting

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io

          1 Reply Last reply Reply Quote 1
          • First post
            Last post