Pattern of creating a database record for every user login and injecting its id into the browser's cookie session, so that every subsequent request identifies the active session. Enables counting concurrent sessions per user, expiring specific sessions on logout or MFA conditions, and collecting per-login data (IP, geo, user agent, CloudFront headers). Core data-collection mechanism in the Prevent Account Sharing talk and precondition for enforcing a cap on concurrent sessions.
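
The pattern above as an added example (not code from the talk): a SQLite table holds one row per login and a plain dict stands in for the framework's signed cookie session. The table and column names, `MAX_SESSIONS = 2` and the evict-oldest policy for the cap are assumptions.

```python
import secrets
import sqlite3
import time

MAX_SESSIONS = 2  # assumed cap; the page names a cap but gives no number

db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE login_sessions (
    id TEXT PRIMARY KEY, user_id INTEGER NOT NULL, ip TEXT, user_agent TEXT,
    created_at REAL NOT NULL, revoked_at REAL)""")

def active_count(user_id):
    """Concurrent sessions for a user = login records not yet revoked."""
    return db.execute(
        "SELECT COUNT(*) FROM login_sessions "
        "WHERE user_id = ? AND revoked_at IS NULL", (user_id,)).fetchone()[0]

def revoke(session_id):
    """Expire one specific session (logout, failed MFA condition, eviction)."""
    db.execute("UPDATE login_sessions SET revoked_at = ? "
               "WHERE id = ? AND revoked_at IS NULL", (time.time(), session_id))

def login(user_id, ip, user_agent, cookie):
    """Record the login, enforce the cap, inject the record id into the cookie."""
    while active_count(user_id) >= MAX_SESSIONS:
        # Assumed policy: evict the oldest active session to make room.
        oldest = db.execute(
            "SELECT id FROM login_sessions WHERE user_id = ? "
            "AND revoked_at IS NULL ORDER BY created_at, rowid LIMIT 1",
            (user_id,)).fetchone()
        revoke(oldest[0])
    sid = secrets.token_urlsafe(32)  # unguessable id, not a sequential integer
    db.execute("INSERT INTO login_sessions VALUES (?, ?, ?, ?, ?, NULL)",
               (sid, user_id, ip, user_agent, time.time()))
    cookie["login_session_id"] = sid
    return sid

def current_user(cookie):
    """Per-request check: the cookie's id must map to a non-revoked record."""
    row = db.execute(
        "SELECT user_id FROM login_sessions "
        "WHERE id = ? AND revoked_at IS NULL",
        (cookie.get("login_session_id"),)).fetchone()
    return row[0] if row else None
```

Because `current_user` consults the table on every request, revoking a row ends that session even though the browser still holds a valid cookie.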