All geek questions in one place

Allow one concurrent user to log in using JWT

We are developing an application with Laravel / PHP, and we want to use a pay-per-pricing model. To do this, we must make sure that the account can only be used by one concurrent user. We use the JWT for authentication, and it is stateless, so I cannot use sessions.

To provide one simultaneous login, I can enclose a browser or IP address, but both of them are not unique, and it is possible that they happen several times, for example. office. I can also send a MAC address, but this is not the easiest way.

Are there other solutions to provide one simultaneous login for a user using JWT?

+8
source share
4 answers

I think that the simple answer is NO, you cannot do it with JWT and keep the server idle. However, if you use a setting with an access token and an update token, perhaps you can achieve something like this:

  • The user is registered, you save the update token in the database
  • Access ID expires. Before you issue a new access token from your update token, do a standard check that the account is still OK, but also compare the update token with the one in your database. Make sure they match.
  • . . ( .)
  • . , .

, . , , . , , Spotify "chasing the stream" .

+6

JWT OAuth2 . 1 , /, () . , (, - ), .

+1

, , , - .

0

, :

: "" value = activeJwt

The user logs in and creates a JWT token, copy the JWT string to activeJWT in your database and send it to the user. If you log in to another device with the same transaction, and the value of activeJWT changes

For all requests that require logging in, the JWT-string and activeJWT users match, if they do not match, it means that another device has logged in after the old token has become useless.

0
source

Source: https://habr.com/ru/post/1656856/

More articles:


All Articles