Mihaela Vasiu
Rank: #27041
218Views
11Comments
Logout the user when logging in from another browser/computer
Question

      Hi,

    I have a scenario where a user must be automatically logged out when logging in from another browser/machine. From example: I am logged in Chrome and now I am logging in Incognito. At this moment, I should be able to login in Incognito and, also, I should be automatically logout in Chrome.

Can anyone suggest me how to achieve this?

Thanks in Advance

0
0
on 2019-07-08
Copy link to comment
Matthias Preuter
mvp_badge
MVP
Rank: #27

Maybe you could do something with the MQTT Web client component; with this component you can communicate between multiple browser clients.

Kind regards,

Matthias


0
0
on 2019-07-08
Copy link to comment
Matthias Preuter
mvp_badge
MVP
Rank: #27

Matthias Preuter wrote:

Maybe you could do something with the MQTT Web client component; with this component you can communicate between multiple browser clients.

Kind regards,

Matthias



@Mihaela: try the link I mentioned before; this includes a demo project.

0
0
on 2019-07-08
Copy link to comment
Mihaela Vasiu
Rank: #27041

Matthias Preuter wrote:

Matthias Preuter wrote:

Maybe you could do something with the MQTT Web client component; with this component you can communicate between multiple browser clients.

Kind regards,

Matthias



@Mihaela: try the link I mentioned before; this includes a demo project.

Thank you, Matthias. I will further investigate this client component using the link that you mention.


0
0
on 2019-07-08
Copy link to comment
Rahul Sahu
Rank: #87

Hi Mihaela,

You can use this - retrict user login on second browser 

  Maintain a flag in database; upon every login/out update the flag. For instance, upon every authentication request  you can reject the login request if the flag is already true.


Thanks

Rahul Sahu

0
0
on 2019-07-08
Copy link to comment
Mihaela Vasiu
Rank: #27041

Rahul Sahu wrote:

Hi Mihaela,

You can use this - retrict user login on second browser 

  Maintain a flag in database; upon every login/out update the flag. For instance, upon every authentication request  you can reject the login request if the flag is already true.


Thanks

Rahul Sahu

Thank you Rahul. The problem with your suggestion is that I don't want to restrict the login. Actually, I want to let the user login in if the flag is true, and automatically log out the user where the previous logging was made. 


0
0
on 2019-07-08
Copy link to comment
Afonso Carvalho
mvp_badge
MVP
Rank: #45

Hi Mihaela,

You'll have to manage the User sessions yourself since I don't think Outsystems exposes them: you'd need an Entity with something like:

 - a UserId, to identify who owns that session;

 - a LastDateOfInteraction, to know when was the last time the session was used;

 - something to identify the origin of the session: an IP address, possibly;

And with those three things, you'd be able to identify if a user starts any "concurrent" sessions. The part of your implementation that will vary is going to depend on how quickly you need to react to that second login: if you want the user to be immediately logged out, you'd need to implement something with a server push (like Matthias' suggestion). If it's okay to only log out the user when he goes back and attempts to interact with the application on his first session, then you could have an action that checks for concurrent sessions and logout the user there.

2
0
on 2019-07-08
Copy link to comment
Mihaela Vasiu
Rank: #27041

Afonso Carvalho wrote:

Hi Mihaela,

You'll have to manage the User sessions yourself since I don't think Outsystems exposes them: you'd need an Entity with something like:

 - a UserId, to identify who owns that session;

 - a LastDateOfInteraction, to know when was the last time the session was used;

 - something to identify the origin of the session: an IP address, possibly;

And with those three things, you'd be able to identify if a user starts any "concurrent" sessions. The part of your implementation that will vary is going to depend on how quickly you need to react to that second login: if you want the user to be immediately logged out, you'd need to implement something with a server push (like Matthias' suggestion). If it's okay to only log out the user when he goes back and attempts to interact with the application on his first session, then you could have an action that checks for concurrent sessions and logout the user there.

Hi Afonso, thank you very much for your help.

I will try to investigate more about the way I can implement a server push as Matthias suggested. 

Regarding the concurrent session, is not clear for me how I can get information about another session. Maybe this is the reason for using an IP address, but how is this achievable in Outsystems? Also, this IP address must be stored in the Entity that you mention?


0
0
on 2019-07-08
Copy link to comment
Matthias Preuter
mvp_badge
MVP
Rank: #27

You could register the user login and broadcast a message by MQTT to logout other sessions. In every screen there is a MQTT listener that response on this message by logging out.

Hope this helps,

Matthias

0
0
on 2019-07-08
Copy link to comment
Mihaela Vasiu
Rank: #27041

Matthias Preuter wrote:

You could register the user login and broadcast a message by MQTT to logout other sessions. In every screen there is a MQTT listener that response on this message by logging out.

Hope this helps,

Matthias

Hi Matthias,

Thank you very much for your help. Indeed, this is what I need, but I have no clue how to include this in my project. Do you have any idea where I can find an example of how to integrate MQTT listener for logging out in Outsystems?

King regards,

Mihaela


0
0
on 2019-07-08
Copy link to comment
Joey Moree
Champion
Rank: #104

Why would you try to make something like this?

If 2 people are working with the same account perhaps?
But wouldn't that infuriate the users when they get kicked out of the application? 

In order to achieve this you would have to invalidate the session if you receive a new login and as stated before, you can't really do this in Outsystems, if you had more control over your server you could probably narrow down what session to destroy so that the other "browser" gets a forced log-out.

Within Outsystems you will have to create an extension of the user entity, where you hold a certain value to check against (this could be a random hash which you compare with some user-session value). But it will require a few extra checks since Outsystems considers this user as logged in.

Again asking why would you want this? Isn't there another way to reach your objective?

0
0
on 2019-07-08
Copy link to comment
Sagar Nannaware
Rank: #1072

Hi Mihaela,

There is solution in Outsystems to invalidate user session. 

1) Create an extension entity containing following attributes,
- UserId (as identifier)
- SessionGUID

2) Add Session variable, SessionGUID

3) In OnSessionStart action, update SessionGUID session variable and also update the SessionGUID in an entity against UserId.

4) In OnBeginWebRequest action, check if SessionGUID of the session and from entity is different then call logout action.

Hope this helps.

Regards,
Sagar

0
0
on 18th Jan
Copy link to comment