The problem: it seems to me like the normal and best way to look at sessions is: one session per device, per user.
So, you can have one session alive per device, meaning one session per web browser, per phone, tablet etc. You should not be allowed to have two or more valid sessions for the same phone, for example.
When I implemented my own session cache and auth structure, I implemented it as above, since my apps are sending a "DeviceUUID" that is unique for each device. In that way, I could detect that "there is a valid session for this DeviceUUID and User already" and act accordingly (replace the old session with a new one).
Now, when I am evaluating ServiceStack, I'd like some input on how to do this using the IAuthSession etc.
Currently, I have custom code to authenticate to the backend, so I get an IAuthSession that I populate with some data, like:

```csharp
session.FirstName = alrReply.Actor.Firstname;
session.IsAuthenticated = true;
session.UserAuthName = alrReply.Actor.Username;
session.UserAuthId = alrReply.AuthToken;
session.Roles.Add("alfaconnect");
base.Request.SaveSession(session);
```

I also have access to the "DeviceUUID", but I'm not sure how to make sure ServiceStack behaves as described above. Is it doable?
I have read similar posts here in SO, but either they didn't address the same issue, or I didn't understand the answer.
The way I solved the question can be seen below, even though a much more efficient way to check for duplicate sessions for the same DeviceUUID should be implemented.
IAuthSessions and check for other sessions that have the same DeviceUUID and UserId (my custom userId)
AuthProvider to save the DeviceUUID
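
The post above notes that a more efficient duplicate check than scanning every session should be implemented. One way to do that, as an added example that is not part of the original post and does not use ServiceStack's API: keep a secondary index from (user id, DeviceUUID) to session id, so replacing the old session is a single lookup. The class and method names are hypothetical, and the in-memory dictionaries stand in for whatever session cache is in use.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example: a hypothetical in-memory registry, not ServiceStack code.
public sealed class DeviceSessionRegistry
{
    private readonly object _gate = new object();
    // Primary store: session id -> (userId, deviceUuid).
    private readonly Dictionary<string, (string, string)> _sessions = new();
    // Secondary index: (userId, deviceUuid) -> session id. Avoids scanning all sessions.
    private readonly Dictionary<(string, string), string> _byDevice = new();

    // Call only after the credentials have been verified. DeviceUUID is
    // client-supplied, so it is an identifier here, never proof of identity.
    public string SignIn(string userId, string deviceUuid)
    {
        if (string.IsNullOrWhiteSpace(userId) || string.IsNullOrWhiteSpace(deviceUuid))
            throw new ArgumentException("userId and deviceUuid are required");
        // Keyed on the pair, so a device id can only evict sessions of the same user.
        // Assumption: the DeviceUUID text is case-insensitive, as UUID strings are.
        var key = (userId, deviceUuid.Trim().ToLowerInvariant());
        var newId = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        lock (_gate) // lookup + replace is atomic, so two racing logins leave one session
        {
            if (_byDevice.TryGetValue(key, out var oldId))
                _sessions.Remove(oldId); // invalidate the previous session for this device
            _sessions[newId] = key;
            _byDevice[key] = newId;
        }
        return newId;
    }
    public bool IsValid(string sessionId) { lock (_gate) return _sessions.ContainsKey(sessionId); }
    public void SignOut(string sessionId)
    {
        lock (_gate) { if (_sessions.Remove(sessionId, out var key)) _byDevice.Remove(key); }
    }
}
public static class Demo
{
    public static void Main()
    {
        var reg = new DeviceSessionRegistry();
        var first = reg.SignIn("user-1", "constructed-device-a");  // constructed sample values
        var second = reg.SignIn("user-1", "constructed-device-a"); // same device: replaces first
        var other = reg.SignIn("user-1", "constructed-device-b");  // other device: kept
        Console.WriteLine($"{reg.IsValid(first)} {reg.IsValid(second)} {reg.IsValid(other)}");
    }
}
```

With a distributed cache the same idea applies, but the index update and the removal of the old session then need to be made atomic by the cache itself rather than by a process-local lock.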