FHey ATM a user can have multiple session per client if the user uses multiple "user-agents/devices"
Can you share what the idea is behind limiting this?
Can you share what the idea is behind limiting this?
FThe general idea is for security reasons. Our application is designed to use only one active access and refresh token pair at a time. (If we talk about the web app client)
And this per client or for the user in general?
FThanks for the explainer, I now understand what your goal is.
I think my answer here Limit number of user sessions could also work for this case.
However it currently involves a little bit of glue code
I think my answer here Limit number of user sessions could also work for this case.
However it currently involves a little bit of glue code