This project implements a Node.js middleware that ensures a single active session per user. It validates user tokens using JWT and manages sessions with Redis. The goal is to restrict a user's account to be active on only one device at a time, enhancing both security and control.
- Node.js: Backend server.
- Express.js: Web framework.
- Redis: Session management.
- JWT: User authentication and authorization.
- Enforces a single active session for each user.
- Validates JSON Web Tokens (JWT) for authentication.
- Stores and manages session data in Redis for real-time checks.
- Automatically logs out previous sessions when a new session is initiated.
- When a user logs in, a JWT is generated and stored in Redis under a unique key (
user:{id}). - For every protected route, the middleware checks:
- If the provided JWT matches the one stored in Redis.
- If they don't match, the user is denied access.
- Any new login overwrites the existing token in Redis, effectively invalidating the old session.
- Clone the repository:
git clone https://github.com/dilshodbek-yoqubjonov/single-active-session.git
-
Install all needed packeges:
npm install
-
Run project with nodemon:
npm run dev