Deny user to login from multiple device?

I want to log out the user from all the place/devices when he log in from a new device?
any ideas please ?
thank you


What I would do is change a User field whever the user is logged in.

For example, when a user is logged in have it change a field called “LoginStatus” to “Logged In”

And change that field to “Logged Out” when a user is “logged out”

Then only allow the user with the login status as “Logged Out” to be able to successfully login. And you can have it display a message telling them to log out on there other device before being able to login on the existing device.

However, you will need to put in a mechanism that auto logs a user out when their not in the app, otherwise they may get stuck if they can’t access the app that has its login status as “Logged In” and yet they can’t access the the app to logout (although they should be able to if they know to URL of a page that is only accessible by those logged in.

While this will “sort of” work, note that Bubble has no built-in facility for detecting presence.

In practice what happens is that users log in but rarely take the action of logging out.

So, if you set a flag “logged in” when a user logs in, you are almost certain to detect upon their next login that they are, in fact, already logged in.

But we DO NOT NEED to set a flag for logged in as this is already a state available to us. (e.g., “if Current User is logged in” is a thing.) So your own “logged in” flag is redundant. Don’t bother creating that.

You’ll still find, about 100% of the time, that your user is still logged in and can do whatever they want.

So, you can build your own janky presence system by popping up annoying “Are you still there?” popups at regular intervals and, should the user not respond in a certain amount of time, logging them out. However, if the user simply leaves the page, closes browser, etc. etc. this action will never run. So, at some point, you have to throw this to an API workflow if you really want this to work.

All of the above is a long way of saying, “OP, are you really sure you need to do this? Systems that work this way are massively annoying. I get that you’re trying to keep folks from sharing a single login, BUT… If that’s the case, perhaps just only let people signup/login with social auth providers like Facebook, Google, etc. and don’t expose email/password registration, as this makes it rather harder to share an account.”

1 Like

thank you @ian2 , thank you @keith

Oh yes that my aim, and my question should have been posted like this “how can I deny users from sharing one account?”
I’ll consider to use the login with google or facebook

Hi @cbmerwan :slight_smile: You can use the “Account → Log out other user’s sessions” action in your login workflow:

This will log the Current User out of all of the other sessions where they are logged in, except the current session. Here is more information:


This topic was automatically closed after 70 days. New replies are no longer allowed.