I recently noticed the “Log out other user’s sessions” workflow action and it seemed like it could be a good security feature to add for my users.
But then I though, how would I/they know if they need to use that feature? While I can find forum posts about user presence and activity, I haven’t seen anything on displaying a user’s currently active sessions.
Is there a way to show a user all of their active logins/sessions? Similar to how Google or Apple show you all the devices and their last IP/location/activity time that are authorized under your ID.
I’m curious what “Log out other user’s sessions” is really designed for or if anyone is using it for a specific reason.
I guess it can be used (if placed at the end of the login flow) to force a policy of ‘only 1 login at a time’ for users.
Or If you, as a user, had a reason to think your account was compromised, then you would want this. But then again, how would you know your account was being used by someone else?
I first thought it would be great for an admin to use to suspend/ban a user: change their password, then log them out everywhere. But you would have to change their password, log in as them, then click this button yourself…what a hassle.
I agree Bubble needs to expose the User login sessions as a data type. Its definitely there just hidden.
You can actually kind of build what you are looking for though. If you create a new data type User Session, after each Log In action save the result of the step’s token and expiration date. (additionally a plugin could get the device fingerprint and IP, country, etc) The Bubble API | Bubble Docs
Then to log out a specific session create a backend workflow with a single Log Out action, and use the API connector to trigger that workflow using the specific token as authorization
One downside is magic login links don’t give you the token so you can’t save sessions for those. And right now I just tried to get the Result of the login step and its not giving me that option… (probably a bug)
Interesting idea–I haven’t dug much into plugins/ways to log additional user data such as IP, but it may be worth spending some time on in the future to have a basic type of active session tracking. Especially if we ever build out a mobile app version.