abmaurya changed the title from "[Feature Request] Logout or Invalidate Auth/Refresh token through Nakama" to "[Feature Request] Logout or Invalidate Auth/Refresh token through Nakama backend" on Apr 13, 2023.
Using single_socket makes sure that there’s only one active session by disconnecting the previous login. The problem with this solution is that single_socket only disconnects the socket; it does not log out the user from that other device (previous login). This could pose a security flaw, as the auth token and refresh token are still valid.
There should be a way to invalidate these tokens (tokens from the older login) or simply log out the older login, maybe through a configuration alongside single_socket on the backend.
Forum discussion:
My comment:
https://forum.heroiclabs.com/t/preventing-users-from-having-multiple-sessions/36/13
Chris Molozian's comment:
https://forum.heroiclabs.com/t/preventing-users-from-having-multiple-sessions/36/14
Chris has provided a solution in the above comment, but that is still not secure because it is not Nakama authoritative, which would be the most secure scenario.
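The gap described in this issue, a socket disconnect that leaves the older login's tokens valid, closes only when the server itself decides which tokens are current. The following is an added example (not from the issue, the forum thread, or Nakama's code base) of one server-authoritative approach: a per-user login generation carried inside each signed token. `Authority`, `Login`, `Validate` and the token layout are hypothetical; expiry and refresh handling are omitted, and the map is not goroutine-safe.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Authority is a hypothetical server-side token issuer; it is not Nakama's API.
type Authority struct {
	key []byte
	gen map[string]uint64 // current login generation per user ID
}

func (a *Authority) sign(payload string) string {
	m := hmac.New(sha256.New, a.key)
	m.Write([]byte(payload))
	return hex.EncodeToString(m.Sum(nil))
}

// Login bumps the user's generation, so tokens from earlier logins stop validating.
func (a *Authority) Login(userID string) string {
	a.gen[userID]++
	payload := strconv.FormatUint(a.gen[userID], 10) + "." + userID
	return a.sign(payload) + "." + payload
}

// Validate checks the MAC first, then that the token comes from the newest login.
func (a *Authority) Validate(token string) (string, error) {
	mac, payload, ok := strings.Cut(token, ".")
	if !ok || !hmac.Equal([]byte(mac), []byte(a.sign(payload))) {
		return "", errors.New("bad signature")
	}
	genStr, userID, _ := strings.Cut(payload, ".")
	if g, err := strconv.ParseUint(genStr, 10, 64); err != nil || g != a.gen[userID] {
		return "", errors.New("revoked by newer login")
	}
	return userID, nil
}

func main() {
	a := &Authority{key: []byte("constructed-demo-key"), gen: map[string]uint64{}}
	old, cur := a.Login("user-1"), a.Login("user-1") // first device, then a second login
	fmt.Println(a.Validate(old)) // token from the older login is rejected
	fmt.Println(a.Validate(cur)) // token from the newest login is accepted
}
```

Because the generation check runs on every request, a refresh token issued with the same field would be rejected in the same way, without any cooperation from the older client.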