app/stories/end-user/EU-001-multi-device-login.md

Multi-Device Login Sessions

ID: EU-001 Priority: High Status: Planned

User Story

As an end user, I want to stay logged in on multiple devices simultaneously so that I can access my account from my phone, tablet, and computer without being logged out elsewhere.

Acceptance Criteria

• User can have active sessions on multiple devices at the same time
• Each device gets its own refresh token
• Logging out on one device does not affect sessions on other devices
• User can see all active sessions in account settings
• User can revoke individual sessions remotely

Technical Notes

• Currently only one refresh token per login session is supported
• Need to refactor LoginSession to support multiple refresh tokens
• Consider storing device metadata (browser, OS, last active time) with each token
• JWT blocklist needs to handle individual token revocation

Related TODOs

• ts/reception/classes.jwt.ts:39 - // TODO: handle multiple refresh tokens