.net core - Single session using servicestack

Question

I like to implement the functionality where if two users are trying to login with the same credentials then the first user should log out as soon as the second user login.

consider user one is logged in with his credentials from one machine and he/ another user is trying to log in from another machine then the user one session should be removed as soon as user one logged in.

Ps: I tried to implement that by saving the current session id in the user table and overriding the OnCreated method from the IAuthSession interface and then checking in that if the request sessionId is the same as the saved session Id if same then process the request else call the lout endpoint.

But It will be not good for performance and I am not sure if it is a good way to do that?

PS: I am using a JWT token.

Update : I am able to clear the session by using ICacheClient to get the session and then remove a session from the server using IRequest.RemoveSession(sessionId), but is it not log out the specific user.

Answer 1

You can't invalidate a user authenticating with stateless authentication like JWT which has the signed authentication embedded in the Token which is valid until the JWT expiry.

i.e. you can't revoke a JWT Token after it's already been issued.

There is a JwtAuthProvider.ValidateToken filter you can use to execute custom logic to prevent a user from authenticating which you may be able to use however that would require that you manage a collection of Token info you want to prevent from authenticating before its Token expiry.