I have a REST API which, when hit, authenticates the user. This API is exposed to Android and iOS developers; they hit this API to allow the user to log in to our app.
My requirement is this: 1) If a user has a cell phone, say phone abc with IMEI "abc1234", and he logs in from this phone, then if he tries to log in from his 2nd phone he should not be allowed to log in from the 2nd phone. He should first log out from the abc device.
Now there are a few complications: 1) if the user is logged in from abc and, without logging out, he formats his phone or uninstalls the app, then how should I handle login from the same device or another device?
Basically I want to know about strategies or good practices for such types of scenarios.
The user will only be allowed to log in when the value of the boolean is 0. In your case, if the user formats the application after a successful login he will always have the boolean as 1. Then set the boolean to 0 if it remains 1 for some days.
The first option could be to include the user's IP address in your data (database, cache, token, etc.). Then you could verify that the IP address of the first login is being used, and block all other login attempts or subsequent requests from any other IP for the given user.
To prevent the user from logging in on multiple systems or web browsers you need to generate a token on each successful login attempt. You need to check the token on each page. If the token does not match, then destroy the SESSION and log out the user.
Good practice would be to let the user log in from the second device and log him out from the first device. It would be better for user experience as well as being easy to handle, e.g.:
I log in from DeviceId A
(update the DeviceId in the DB against the user)
then I try to log in from DeviceId B
(again update the DeviceId, overriding the previous DeviceId in the DB against the user)
Now if I make a request from DeviceId A and match the DeviceId in the DB, it will return false. Send the user back to the login page.
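As an added example (not code from this answer or from the asker's API), the last-login-wins approach described in this answer combined with the idle-expiry idea from an earlier answer, in Python with an in-memory dict standing in for the DB column that holds the user's current DeviceId; the user, device and token values are constructed:

```python
import hmac
import secrets
import time
from typing import Optional

# Constructed in-memory store standing in for the DB column that holds the
# user's current DeviceId; a real API would keep this in the database or cache.
ACTIVE_SESSIONS = {}  # user -> {"device_id": str, "token": str, "last_seen": float}
IDLE_TTL_SECONDS = 7 * 24 * 3600  # assumption: sessions idle for a week are dropped


def login(user: str, device_id: str, password_ok: bool, now: Optional[float] = None) -> Optional[str]:
    """Issue a token bound to one device. Last login wins: any earlier session
    for the user is overwritten, so device A is signed out when B logs in.
    A reinstall on the same device simply re-binds to the same device id."""
    if not password_ok:
        return None
    token = secrets.token_urlsafe(32)
    ACTIVE_SESSIONS[user] = {
        "device_id": device_id,
        "token": token,
        "last_seen": time.time() if now is None else now,
    }
    return token


def is_request_allowed(user: str, device_id: str, token: str, now: Optional[float] = None) -> bool:
    """Check on every API call: the token must match AND come from the bound
    device. Returns False (send the client back to the login page) otherwise."""
    session = ACTIVE_SESSIONS.get(user)
    if session is None:
        return False
    now = time.time() if now is None else now
    if now - session["last_seen"] > IDLE_TTL_SECONDS:
        # Stale session, e.g. the app was uninstalled without logging out:
        # drop it so the user can log in again from any device.
        del ACTIVE_SESSIONS[user]
        return False
    if not hmac.compare_digest(session["token"].encode(), token.encode()):
        return False  # constant-time compare, so token mismatches leak no timing
    if session["device_id"] != device_id:
        return False  # valid token presented from a device that is no longer bound
    session["last_seen"] = now
    return True


def logout(user: str) -> None:
    """Explicit logout frees the user to log in from any device immediately."""
    ACTIVE_SESSIONS.pop(user, None)
```

The idle timeout is what resolves the asker's "formatted the phone without logging out" case: the orphaned session expires on its own, and a fresh login from the same device id overwrites it immediately anyway.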