When the same user ID is trying to log in on multiple devices, how do I kill the session on the other device? Asp.net Identity

Question

What I want to do is to limit a user ID to only being able to log in to one device at a time. For example, user ID "abc" logs in to their computer. User ID "abc" now tries to log in from their phone. What I want to happen is to kill the session on their computer.

I'm using Asp.net mvc and identity membership. I've an idea to create a table logins. save userId , current session or claim id and when someone logs in delete all sessions according to the userId, except current.

Can someone provide actual code how to implement such functionality?

score 2 · Accepted Answer · edited May 23 '17 at 12:07

2

The main role of SecurityStamp is to allow this functionality. Change it, and all of the signed in devices will be effectively signed out.

For more information, you can read What is ASP.NET Identity's IUserSecurityStampStore<TUser> interface?

edited May 23 '17 at 12:07

Community

1
1

answered Mar 22 '16 at 05:17

Alireza

5,421
5
34
67

Please follow the link I've provided. It is written by a member of Asp.net Identity team. – Alireza Mar 22 '16 at 05:21

When the same user ID is trying to log in on multiple devices, how do I kill the session on the other device? Asp.net Identity

1 Answers1