Skip to content

Preventing user to login in multiple device by sharing cookies #1642

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
IkramBagban wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Preventing user to login in multiple device by sharing cookies #1642

IkramBagban wants to merge 3 commits into from

Conversation

@IkramBagban
Copy link
Contributor

@IkramBagban IkramBagban commented Dec 9, 2024

PR Fixes:

  • 1 this pr fixes the issue of multiple login by sharing coockies.

How it solves:

  • I am using @fingerprintjs/fingerprintjs package which generates a unique Id for every device.
  • I am generating the deviceFingerprint id and storing it to the user table when user login.
  • so we will have the latest deviceFingerprint Id of recently logged in device.
  • and in video player I am validating the deviceFingerprint Id every two minutes.
  • So even if a user is watching videos while logged in with shared cookies, they will be logged out when the fingerprint doesn’t match.

Why I didn't validate IP of the user on every req?

  • As we know IP often changes when we switch the network
  • So it will be a bad user experience if the user is logged out every time IP changes.

Resolves #1613

Checklist before requesting a review

  • [✅] I have performed a self-review of my code
  • [✅] I assure there is no similar/duplicate pull request regarding same issue

@IkramBagban IkramBagban mentioned this pull request Dec 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Store IP during signups, restrict tokens to IPs

1 participant

@IkramBagban