Only opening a single session per user #131

Open
sagivoulu opened this issue Aug 22, 2021 · 1 comment

Comments

@sagivoulu

I am using lua-resty-session alongside lua-resty-openidc in order to authenticate users & create a session for them.

Now our security team wants me to only allow a single session per user (the assumption is that if Alice has two sessions from two computers, then one of these sessions must not be Alice).

Do you know how this can be done with lua-resty-session? What I am thinking of doing is every time a user logs in and Lua creates a session for him, I will search for another session with the same user id. If another session exists, the other session will be destroyed (basically every time Alice logs in from a new computer, all other older sessions get destroyed).

So any idea how this can be done? Is there an option to find a session object by content? Something like:

session.find({user_id: "alice"})

P.S. I am storing the sessions in a shared Redis instance.

@bungle
Owner

bungle commented Feb 2, 2023

The 4.0.0 has store_metadata option. Next we need to start using this data.
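
One way to implement the approach described in the issue, as an added example (not code from this thread or from lua-resty-session): keep a user-to-session index next to the session records and swap it on every login. The `store` table is a constructed in-memory stand-in for the shared Redis instance, and `new_sid`, `login` and `validate` are hypothetical helper names.

```lua
-- Added example: one active session per user via a user_id -> session id index.
-- `store` stands in for the shared Redis instance (assumption); nothing here
-- is part of the lua-resty-session API.
local store = { sessions = {}, current = {} } -- sid -> record, user_id -> sid

-- Hypothetical id generator; a real deployment uses the session library's
-- cryptographically random session id instead.
local counter = 0
local function new_sid()
  counter = counter + 1
  return "sid-" .. counter
end

-- On login: create the new session, point the index at it, and destroy
-- whichever session the index named before.
local function login(user_id, now, ttl)
  local sid = new_sid()
  store.sessions[sid] = { user_id = user_id, expires = now + ttl }
  local old = store.current[user_id]
  store.current[user_id] = sid -- in Redis, GETSET performs this swap atomically
  if old then
    store.sessions[old] = nil -- revoke the older session
  end
  return sid, old
end

-- On every request: the session must exist, be unexpired, and still be the
-- one the index names. The index check covers the case where two logins race
-- and the delete of the older record is missed.
local function validate(sid, now)
  local rec = store.sessions[sid]
  if not rec then return nil, "unknown or revoked session" end
  if rec.expires <= now then
    store.sessions[sid] = nil
    if store.current[rec.user_id] == sid then store.current[rec.user_id] = nil end
    return nil, "expired"
  end
  if store.current[rec.user_id] ~= sid then return nil, "superseded" end
  return rec.user_id
end

-- Constructed scenario: Alice logs in from two computers.
local a1 = login("alice", 0, 3600)
assert(validate(a1, 10) == "alice")
local a2, revoked = login("alice", 20, 3600)
assert(revoked == a1)               -- the first session was destroyed
assert(validate(a1, 30) == nil)     -- old computer is logged out
assert(validate(a2, 30) == "alice") -- newest login stays valid
assert(validate(a2, 4000) == nil)   -- and expires after its TTL
```

Checking the index on every request, rather than relying only on the delete at login, means a session that survives a missed delete is still rejected.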
