T
T
trauus2020-07-16 12:50:18
Information Security
trauus, 2020-07-16 12:50:18

How to implement session control of client applications?

There is a server, desktop applications installed on clients interact with it. The application specifies the username and password for accessing the server API, and in each request to the server it is transmitted implicitly.

Sometimes, by mistake, applications with the same login-password pairs are launched on different PCs, and it can be difficult to track the very fact of such a situation, and then find the PC where the "extra" application is running.

It is necessary to make it so that in the admin panel you can see all sessions for a specific account and the parameters of the devices from which the connection is made and block them if necessary. In Telegram, this is implemented.

How to do it? I'm interested in the general principle by which such functionality can be implemented, so I don't specify the stack.

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question