CODEWITHSUNDEEP
node.jsauthenticationexpresssocket.iologout
Amol M Kulkarni
Amol M Kulkarni

Reputation: 21629

Force logout if the same user logs-in from differnet browser or machine. Node.js + Express + Socket.IO

Scenario: Consider a Log-in system (Node.js + Express + Socket.IO) which matches the username and password and allows user to access authenticated page. Log-in system stores Session Id as cookies at client and validates it at server on each and every authenticated page requests and allows/forbid accordingly.

Issue: Now, Suppose same user logs-in from different machine or browser, I want the previous user to push out to session expired page and show information for example: "You may be logged in from different browsers or machine. Please do not share passwords. For more information visit: SomeLinkHere"

Note: I just do not want to invalidate user log-in session, when the user logs in from a different browser or machine, I want to push user to session expired page even if user is not clicking any links or requesting any further authenticated page.

Main intention behind this: To avoid situations like, for example: "If user is watching some sensitive data such as live reports (i.e. dashboards on socket.io) and shares his password to others."

Question: Since the socket.io is already in use for reporting real-time data, How can this be achieved without overloading existing socket.io connections?

Upvotes: 2

Views: 3281

Answers (1)

Mithun Satheesh
Mithun Satheesh

Reputation: 27855

This may be done using.

  1. As the users in the app are authenticated, while clients do the connection they also pass the userid (or any other unique identifier) with the connect Function call. like: 

    socket.on('connect', function(){
  socket.emit('adduser', userID);
});

  2. At server keep a JSON array for keeping sockets associated to userids information. like: 

    [{'USERID1':'SOCKETID1'},{'USERID2':'SOCKETID2'}....,{'USERIDN':'SOCKETIDN'}]

  3. When new user does the socket connection we check the userid is already there in the array. like

    socket.on('adduser', checking function here);

  4. If its already there, then force the existing ones to disconnect and update the socketid in JSON array with new one.

    Here is a reference

Upvotes: 5

Related Questions