Identity has no built-in way to track simultaneous logins, but you can work: every time a user logs in, before setting an auth-cookie, change the SecurityStamp user to await userManager.UpdateSecurityStampAsync(user.Id);
And make sure you have this part in Startup.Auth.cs :
app.UseCookieAuthentication(new CookieAuthenticationOptions { Provider = new CookieAuthenticationProvider { // Enables the application to validate the security stamp when the user logs in. // This is a security feature which is used when you change a password or add an external login to your account. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>( validateInterval: TimeSpan.FromMinutes(5), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } });
Thus, every time you enter the system, all other sessions become invalid, as the security element on the user changes. And validateInterval is low enough, so other auth-cookies may be invalidated soon enough.
trailmax
source share