How to disable multiple sessions in the same browser

General
,
1

We have a custom Angular web portal, where we are using Vahana 1.0 - vConnect to handle all the requests.
Our client has raised an appsec point that where a user has logge dinto the application and then at the same time, if he tries to login on another tab with the same credentials he is currently allowed to login in parallel.
For this we have configured “Is Multiple Session Allowed” as “N” in the “Secure Access Policy”, however the same is not working.
We have a vDesigner mobile app on the same App_id where the same configuration is working fine.

image
image335×510 18.4 KB

What other changes are required to be done to achieve this?

4 Likes
2

Hi @VivekBhardwaj ,

Multiple Session Allowed=Y/N feature work only if you have created User Level Session in your front end applications. All the application designed on vDesigner & vFlow creates User level session, hence it is working in vDesigner Application.

Most probably, your custom application is not creating User Session, hence it is not working.

What you need to do in your custom application:

  1. Identify which step will be considered as User Login. For example: Validation of User Id and Password. Validate OTP can be your User Login step.
  2. Once you have identified the same (let’s say VALIDATE_OTP), then your angular application need to call Auth function of Platware client. This function will call Validate OTP and if Validate OTP is Success then it will create user session.
  3. Once user session is created, your session related issue should get solved.

You can take help from @Amanaggarwal at code level if required.

6 Likes
3

@Vikas_Dhillon
When we update the User login service to “User Level Session” in vConnect, then the login is disabled as it gives error message “It seems that service scope is configured as SECURE but it is called as OPEN

image

3 Likes
4

@VivekBhardwaj : Request Scope will remain DEVICE_LEVEL_SESSION for authentication service, because while calling a authentication service user session is not yet created.

1 Like
5

@VivekBhardwaj

You have to update the apiGateway js file in your custom code and call doPostWithoutParsing method. I will share the updated apiGateway.js file to you on separate mail. Because this format is not supported here.

5 Likes