Only one login per device/browser?

Question

Only one login per device/browser?

code-r-man opened this issue 2 years ago · 4 comments

Is it possible to force logout from all other devices/browsers on log in?

I would need this to prevent people from sharing their credentials with others, so once a login is performed on one device/browser all others should be logged out.

Thank you in advance.

Answer 1 · 2022-07-12T08:26:18.000Z

Do this after login
$auth->logOutEverywhereElse();

Link

Answer 2 · 2022-07-12T09:39:59.000Z

Do this after login
$auth->logOutEverywhereElse();

Link

I've tried this but nothing happens to other devices, they are still logged in (they don't get logged out after refreshing the page).
I've also changed the 5th argument of the class instantiation to 10s in an attempt to sync everything quicker.

Could be I am doing something wrong also 😇

Answer 3 · 2022-07-12T10:59:36.000Z

Do this after login
$auth->logOutEverywhereElse();
Link

I've tried this but nothing happens to other devices, they are still logged in (they don't get logged out after refreshing the page). I've also changed the 5th argument of the class instantiation to 10s in an attempt to sync everything quicker.

Could be I am doing something wrong also 😇

Is there any error or warning?

I got headers already sent error.
Fatal error: Uncaught Delight\Auth\HeadersAlreadySentError in /composer_modules/vendor/delight-im/auth/src/Auth.php:549

The catched warning:
Warning: session_regenerate_id(): Cannot regenerate session id - headers already sent in /composer_modules/vendor/delight-im/cookie/src/Session.php on line 66

Update: Maybe I did something wrong but the example also not working
example

Update2: The example is works after a few minutes

Answer 4 · 2022-07-13T22:01:09.000Z

Update2: The example is works after a few minutes

Note: Global logouts take effect in the local session immediately, as expected. In other sessions (e.g. on other devices), the changes may need up to five minutes to take effect, though. This increases performance and usually poses no problem. If you want to change this behavior, nevertheless, simply decrease (or perhaps increase) the value that you pass to the Auth constructor as the argument named $sessionResyncInterval.

https://github.com/delight-im/PHP-Auth/tree/79cc24931811f01a207cf0eb36b71cb84c71390b#logout