Best way to prevent user from logging in to two devices

What is the recommended approach to prevent the same user from authenticating on multiple devices? I see the user account has an online flag, but any authentication attempt for that account would, I’d assume, turn that flag to true.

We have implemented this in one of our games. We chose to continue the newer session, the one that is being authenticated while this check is being done. The final solution will depend on what exactly your design is, but this is what we had done.

  • Through code, ensured that we allow only one session from a device at a time. Thus, made sure that any existing client is disconnected before making a new client.
  • When we receive a new authentication request, and we find an existing session (sessionid different from the current sessionid), we send a message on stream to the existing session to show a message and gracefully disconnect.
  • Upon receipt of this message on ‘older’ device, disabled the ‘reconnect’ code that attempted to reconnect to the server and to be safe, logged out the user.

Like I said, the actual implementation will depend on your design. Hope this helps.

1 Like
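The "newest session wins" flow from the answer above, as an added example that is not code from the thread or from any particular game server. All type and function names, the session IDs and the `Outbox` slice (standing in for the message sent on stream) are assumptions. It also adds a per-request server-side check, so a superseded session stops working even if the older client never acts on the disconnect message.

```go
package main

import (
	"fmt"
	"sync"
)

// Kick is the notice queued for a superseded session (hypothetical shape).
type Kick struct{ SessionID, Reason string }

// Registry tracks the single active session per user. Names are illustrative.
type Registry struct {
	mu     sync.Mutex
	active map[string]string // userID -> current sessionID
	Outbox []Kick            // stands in for "send a message on stream"
}

func NewRegistry() *Registry { return &Registry{active: map[string]string{}} }

// Authenticate makes sessionID the only valid session for userID and returns
// the superseded session ID ("" if none). The swap happens under one lock so
// two simultaneous logins cannot both survive.
func (r *Registry) Authenticate(userID, sessionID string) string {
	r.mu.Lock()
	defer r.mu.Unlock()
	old := r.active[userID]
	if old == sessionID {
		return "" // same session re-authenticating: nothing to kick
	}
	r.active[userID] = sessionID
	if old != "" {
		r.Outbox = append(r.Outbox, Kick{old, "signed in on another device"})
	}
	return old
}

// Authorize is the check run on every request. A superseded session fails
// here even if its client ignored the kick notice.
func (r *Registry) Authorize(userID, sessionID string) bool {
	r.mu.Lock()
	defer r.mu.Unlock()
	return sessionID != "" && r.active[userID] == sessionID
}

func main() {
	r := NewRegistry()
	r.Authenticate("user-1", "sess-A") // constructed sample IDs
	old := r.Authenticate("user-1", "sess-B")
	fmt.Println(old, r.Authorize("user-1", "sess-A"), r.Authorize("user-1", "sess-B"))
}
```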

Thanks for this. I think we’ll work on a system that uses the device id list. Basically the most recent device id used will take priority. The user will receive notifications on all devices, with the persistent flag as false, and if the device id doesn’t match the most recent one, you’re logged out.