Hey @Kunal!
I think this is typically solved through whatever authentication provider your are using, or building something custom on your end to manage sessions.
The general flow could be:
- Customer logs in, you generate a “Session ID” and save it as the first item in an array on your customer object and in local storage on the device.
- If the “Session ID” array on the customer object in your database ever exceeds 3 (or however many devices you want to limit) throw out the oldest session ID.
- Every time the customer opens the app, check that the Session ID in local storage exists in the Session ID array on the customer object from your database. If not, log out the customer and make them re-authenticate (which would logout someone else).
There are ways customers could hack this, by sharing session IDs and overwriting local storage, but could be a good place to start for what you’re after.
Curious to hear if anyone else has implemented something similar.