Application Overview

This service-oriented application provides centralized logic to manage and enforce concurrent session control across a web or mobile platform. Its core functionality ensures that each user either maintains a valid session or is seamlessly logged out and prevented from creating unauthorized or duplicate sessions.

It is built to handle the following key scenarios:

• Preventing users from logging in multiple times simultaneously on different devices or browsers.
• Automatically creating or validating sessions upon login and API activity.
• Enforcing secure logout behavior and session cleanup.

Key Service Actions

1. ServiceCheckAndCreateSession

Purpose:
Triggered during the login process to verify or initiate a user session.

Functionality:

• Checks if the user already has an active session (based on user ID or token).
• If a valid session exists, it may reject login or notify the user (depending on business logic).
• If no session is found, it creates a new session record (e.g., timestamp, device info, token).
• Typically invoked after user credentials are authenticated.

Usage:

• Called as part of the login workflow before granting access.
• Can be extended to log IP, device fingerprint, or location metadata.

2. ServiceLogoutAndClearSession

Purpose:
Executes during the logout process to clean up session data.

Functionality:

• Locates the user's active session using session ID or user credentials.
• Deletes or invalidates the session record to prevent further access.
• May log logout time and update activity history.

Usage:

• Triggered explicitly when a user logs out from the application or times out due to inactivity.

3. ServiceValidateSession

Purpose:
Runs in the background on every page load or API interaction to ensure the session is still valid.

Functionality:

• Verifies that the current session exists and hasn't expired or been revoked.
• Redirects unauthenticated or expired sessions to a login page or error handler.
• Can be integrated into a base layout or common API middleware.

Usage:

• Crucial for securing private pages and endpoints.
• Helps prevent session hijacking or unauthorized access.

4. DeleteLoginDetails

Purpose:
A timer-triggered background job that runs at fixed intervals to clean up stale sessions.

Functionality:

• Executes every 5 minutes to scan and delete inactive or expired session records from the system.
• Uses last active timestamps or session lifetime rules to identify sessions no longer in use.
• Keeps the session data lightweight and helps maintain performance integrity of the app.

Usage:

• Configured as a scheduled job to enforce periodic session table housekeeping.
• Enhances scalability and minimizes clutter from orphaned or abandoned sessions.