25 lines
1001 B
Markdown
25 lines
1001 B
Markdown
|
# Multi-Device Login Sessions
|
||
|
|
|
||
|
|
**ID:** EU-001
|
||
|
|
**Priority:** High
|
||
|
|
**Status:** Planned
|
||
|
|
|
||
|
|
## User Story
|
||
|
|
As an end user, I want to stay logged in on multiple devices simultaneously so that I can access my account from my phone, tablet, and computer without being logged out elsewhere.
|
||
|
|
|
||
|
|
## Acceptance Criteria
|
||
|
|
- [ ] User can have active sessions on multiple devices at the same time
|
||
|
|
- [ ] Each device gets its own refresh token
|
||
|
|
- [ ] Logging out on one device does not affect sessions on other devices
|
||
|
|
- [ ] User can see all active sessions in account settings
|
||
|
|
- [ ] User can revoke individual sessions remotely
|
||
|
|
|
||
|
|
## Technical Notes
|
||
|
|
- Currently only one refresh token per login session is supported
|
||
|
|
- Need to refactor `LoginSession` to support multiple refresh tokens
|
||
|
|
- Consider storing device metadata (browser, OS, last active time) with each token
|
||
|
|
- JWT blocklist needs to handle individual token revocation
|
||
|
|
|
||
|
|
## Related TODOs
|
||
|
|
- `ts/reception/classes.jwt.ts:39` - `// TODO: handle multiple refresh tokens`
|