I'm using rails devise gem. I want to restrict the user to allow from multiple devices(2), not multiple browsers. Is it possible to handle session at device level? If not is there any way to handle this?
Asked
Active
Viewed 318 times
0
Surendra
- 124
- 2
- 7
-
The session is already on the per client level. Each connecting client gets a unique session id and session store unless they already have a cookie. Note that you need to seperate sessions from the notion of being "logged in". Being "logged in" just means there is a user ID in the session store. http://guides.rubyonrails.org/security.html#what-are-sessions-questionmark – max Apr 25 '17 at 03:19
-
are you talking about mobile device? – Aniket Tiwari Apr 25 '17 at 03:48
-
If a user logged into a browser, I should not allow him to login from other devices(laptop). But he should be able to login-in from other browser from the same laptop. My requirement is that, user can logged into the system at most 3 devices. If he crossed that limit, I should not allow him to login. – Surendra Apr 25 '17 at 04:31
1 Answers
0
You could use and maybe extend the devise_invalidatable gem. Although not documented, this gem limits the number of sessions per user to 10. This could be modified or parameterized if you were so inclined.
mikwat
- 533
- 3
- 11