Hi guys, I’m just in the process of building a 2FA system for the first time and I could use your advice. I want to stop users from logging in on multiple devices simultaneously - so I want to save the User’s IP address. When a successful login is made with a new device, I want the server to invalidate the previous session and boot the user off / destroy the session.
However, I’m struggling to think of an efficient way to do this. I don’t want to add a check for whether the User’s session is valid on every single action… Does anyone know of a better way to detect that the current session is invalid and boot the user?