Allow only one active session per user in Amazon Cognito


I’m using Amazon Cognito as the authentication system for my nodejs application, and as a security requirement, I have to allow only one active session per user.

One way that I could think to do that is:

  1. User try to log in, so call globalSignOut(params = {}, callback) and invalidate all other active sessions

  2. After invalidate the other sessions, call initiateAuth(params = {}, callback), and return user’s authentication tokens.

My question is, there is another way to do that? Maybe a more “official” one?

I’m using aws-sdk for JS


There is no “official” way to do this. The method you stated in your question is the best way to implement this.

Answered By – Ninad Gaikwad

Answer Checked By – Mildred Charles (AngularFixing Admin)

Leave a Reply

Your email address will not be published.