I'm trying to restrict the amount of devices a single user can be logged

So I’m a mean stack developer currently working on a website where users have to login. I want to limit the amount of devices in order to prevent password sharing. Is this possible?

Just about anything is possible.

I’m just guessing, here, but…

How will you know if they are still logged in into an account? Set up a socket? Have them ping the server every 10 seconds? If you know that they are already logged in somewhere, it should be easy to reject new logins.

Yes it’s possible, but not very common as most applications will work fine if a user is logged into multiple places.

A few ideas that come to mind are to leverage the user’s IP, account, their browser version, and operating system information (you can get a little doing stuff like this).

You could also keep track of “who” is logged in “where” via these tokens server-side, so if the same user tries to login on a duplicate compute on the same IP, it would get denied by the server-side, which already knows 1 machine is logged in.

I think it’s worth mentioning that this feature might be trying to “solve” another problem, which may or may not be solvable another way.

1 Like