Limit number of devices logged in at the same time Answered

Post author
Duncan Hamra

Asked by Spora Design in Slack

Hi! Anyone know if memberstack allows a max number of devices logged in at the same time?
And could it be done with some code? Like.. when someone log in, the rest of devices log out? Can it be done?


1 comment

  • Comment author
    Duncan Hamra
    Answered by Nicolas in Slack

    Right now, we can't force logouts until the JWT expires. The best that can be done currently is:
    • Create a JSON field called "devices" that takes an array of IPs. ( If you don't want to use member JSON, you can use custom fields, but you'd have to pass in the IPs as comma separated values instead of an array)
    • using JavaScript to check IPs and everytime a member logs in with a new IP - add that IP to your devices field (push the IP into the array if using Member JSON, or convert the array to a string of CSVs and add to custom field)
    • Using the getCurrentMember() method or getMemberJSON() method on each page and retrieve the devices field. Use JS to see if there are more than X amount of IP entries in the device field (you set this limit yourself and hard code it in your logic).
    • Redirect the member to login page if limit is exceeded (or a page with text explaining that they have too many active sessions and they need to log out themselves)
    This is pretty technical and just a high-level overview but it's doable with our front-end API
    We are also exploring ways to give developers more control in overriding / extending auth sessions (which could include admin API ability to force logouts)But there's no word on this being an official feature that would get released anytime soon.
    Happy to jump on a call and talk through the solution I presented above if you wanted to give it a go with the API 

Please sign in to leave a comment.