if one person login with two diffrent device, how to keep just one session alive?

[virtoolswebplayer]

two questions

1. how to list all sessions?
2. if one person login with two diffrent device, how to keep just one session alive?

[mark-bradshaw]

Hi @virtoolswebplayer.

Regarding #1, there's not a good way to do this IMO. The sessions get stored in the Hapi server cache with a random UUID. Neither yar nor cache provide a means to list everything in it, and there's not an obvious way to pick them out of other possible cached data. However you could implement customSessionIDGenerator in your yar options and use that to either generate easily recognizable session ids that you could perhaps locate directly from an externally backed cache (not the default in-memory implementation), or keep track of all session ids you generate in a separate location outside of yar.

You'd also need to deal with figuring out which sessions had timed out. Yar doesn't track this proactively, but rather relies on the built in cache expiration functionality of catbox to do the hard work. Even if you got a list of all issued session ids, you'd need to go out to the cache and to figure out which ones were still active.

Regarding #2, a typical way to do this is to make note of the active session per user whenever a person logs in, and recheck this as part of your authentication mechanism. For speed you might do this in a separate redis cache to avoid hitting a slower db. Whenever the user logs in again from a new device, the new session id is noted in your cache, and the old one will no longer validate.

[lock]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.