Stop concurrent logins

[Sanjay-Chaudhary]

Can we stop concurrent logins when using sorcery in ruby on rails? If yes then how?

[Ch4s3]

There's nothing built into the gem that I'm aware of. You would probably need to add a column to track that or build off of remember_me.

[Ch4s3]

closing due to inactivity. Ping me if there are further questions.

[joshbuker]

Personally I think this would make sense to be built in, although as an optional setting. The app that I'm working on currently also requires only one logged in instance.

I'll work on this when time permits.

[Sanjay-Chaudhary]

Yes... lot of projects now require to stop concurrent logins... every pen test point out this issue. It will be really good to have this feature... looks like Devise gem have this feature. lot of projects use sorcery. Thanks

[joshbuker]

@Ch4s3 would this make sense as an opt-out feature, or should it be opt-in to not change behavior for existing apps? I can't think of many cases where multiple simultaneous logins is really necessary.

[Ch4s3]

I think it should be opt-in, otherwise it will break backwards compatibility. I think it's definitely worthwhile though and will happily look at PRs.

[joshbuker]

Sounds good, thanks @Ch4s3!

[Ch4s3]

Is anyone still interested in this?

[Sanjay-Chaudhary]

Any progress or update on this please.... is this going to happen in sorcery gem or do we have to use devise to stop concurrent logins?

[joshbuker]

@Sanjay-Chaudhary Yes, this will happen. Unfortunately, just not for a while unless there's some help from the community. My time is still limited, and what's available will be going towards reviewing and merging open PRs first. If you would like to take this on, I would be willing to help as much as I can. Beyond that, I can't really promise a concrete timeline.

[joshbuker]

@mladenilic this is another high priority feature that needs worked on.

@Sanjay-Chaudhary, do you still use Sorcery and/or would be interested in helping us implement this functionality?

[mladenilic]

@athix: #218 implements a modules which adds support for this. Looking forward to your feedback.

[Sanjay-Chaudhary]

O wow... so I can download the latest code and expect the concurrent login will work?

Regards, Sanjay.

Get Outlook for Androidhttps://aka.ms/ghei36

---

From: Mladen Ilić [email protected] Sent: Sunday, December 22, 2019 2:36:49 AM To: Sorcery/sorcery [email protected] Cc: Sanjay-Chaudhary [email protected]; Mention [email protected] Subject: Re: [Sorcery/sorcery] Stop concurrent logins (#93)

@athixhttps://github.com/athix: #218https://github.com/Sorcery/sorcery/pull/218 implements a modules which adds support for this. Looking forward to your feedback.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/Sorcery/sorcery/issues/93?email_source=notifications&email_token=AICTGGAYCECIFEHBKB62AM3QZ3HEDA5CNFSM4EE45Y72YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHPHPBA#issuecomment-568227716, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AICTGGEZ4WU4XK4VF3ELH3LQZ3HEDANCNFSM4EE45Y7Q.

[mladenilic]

@Sanjay-Chaudhary: PR is not yet merged to the master, you'd have to use forked repo for now: gem 'sorcery', git: 'git://github.com/mladenilic/sorcery.git', branch: 'single_session'

Also, you'd need to install new submodule as well: rails generate sorcery:install single_session --only-submodules

Keep in mind that this is still work in progress, in case you plan to use it in production. If you decide to give it a try and you have additional questions, you can find me on gitter.

[joshbuker]

This will be supported in v1 with the move to UserSession records being the middleman between the session and the user. Single login can be enforced by adding a unique constraint to your UserSession record on the user belongs_to association.