We are looking for proper way to ban users.
Just call usersBanId
isn’t enough. Looks like we should call sessionDisconnect
, but how to get sessionId
by userId
we can’t find.
Hi @formatCvt I suggest doing the ban, logout and disconnect on the server via an RPC.
The steps will look like this:
- A user with elevated privileges calls a custom server RPC supplying the userId
- The RPC bans the user
- Then calls
sessionLogout
with no session and refresh token which invalidates all the user’s session tokens - Then lists all their connections and call
sessionDisconnect
to disconnect the sockets (multiple devices)
For the last point, every connected socket has an automatic presence on a notification stream for that user ID (so if the user has 2 connected sockets, it’ll be 2 presences).
You can do a stream user list on stream with mode 0 and user ID as the subject nk.streamUserList({mode: 0, subject: userID}, true, true)
and call sessionDisconnect
to close all the sockets.
1 Like
Thanks, but not working with 3.11.0 from dockehub because fixed later and not released yet Fix data returned by StreamUserList in JS runtime. · heroiclabs/nakama@c773c24 · GitHub