
Set maximum number of active sessions per user to 3 (from 1)

Open samwho opened this issue 5 months ago • 2 comments

Description

This PR allows users to be logged into 3 active sessions at a time instead of 1. This gives people more flexibility in how they use Budibase, e.g. on a desktop and a mobile device at the same time.

The way it works is by attaching a header to the response of the login request that indicates if you logged out any other sessions with this login. If you did, that information gets stored in localStorage (because several redirects happen on login) and pulled out of localStorage to display a notification.info when the page has settled, explaining that another session has been logged out.

https://github.com/user-attachments/assets/6f1ea505-f954-476c-a88e-8cd1b1d70ed8

Launchcontrol

Allow users to be logged into 3 active sessions at a time, up from 1. You will no longer get logged out of Budibase if you log in elsewhere, provided you're not logged in to more than 3 sessions at a time.

samwho avatar Jun 10 '25 16:06 samwho

QA Wolf here! As you write new code it's important that your test coverage is keeping up. Click here to request test coverage for this PR!

qa-wolf[bot] avatar Jun 10 '25 16:06 qa-wolf[bot]

LGTM other than the comment mentioned 👌 I think local storage is a great choice here to ensure we handle any number of hard or soft redirects.

I don't remember off the top of my head, but do we handle redirects after login if you originally requested another URL?

I'm thinking of a flow like:

* I try to go to a builder URL for a specific app

* I get redirected to login as I'm not logged in

* I log in and get redirected back to the original URL, the builder

In this scenario, not only would I not see the notification (since I bypassed the portal apps page), but I'd also erroneously see the popup the next time I go to the portal apps page, as it still exists in local storage.

If that's a valid consideration, I think we should move the logic handling this popup into the core builder/_layout.svelte to ensure that we show it anywhere. There's still the possibility that the user is redirected to a client app though, so do we also need this logic added to the client library? It's also the case that the session limit applies there too.

Valid point. Yes, we handle redirects after login, even if it goes via the portal homepage anyways (it looks flaky but it might "solve" the notification issue you mentioned)

adrinr avatar Jun 12 '25 11:06 adrinr
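The mechanism from the description, together with the stale-flag case raised in review, as an added example that is not Budibase's code: a per-user cap of 3 sessions whose login call reports what it evicted, and a one-shot notice that any layout can consume. The header name, storage key, oldest-first eviction and the 60-second expiry are assumptions made for this sketch.

```javascript
// Added example, not Budibase code. All names below are hypothetical.
const MAX_SESSIONS = 3; // limit from the PR title
const NOTICE_HEADER = "x-example-sessions-invalidated"; // hypothetical header name
const NOTICE_KEY = "example:sessions-invalidated"; // hypothetical localStorage key
const NOTICE_TTL_MS = 60000; // assumed: notices older than a minute are dropped

class SessionStore {
  constructor() { this.byUser = new Map(); } // userId -> [{ id, createdAt }]

  // Register a new session and evict the oldest ones beyond the cap
  // (oldest-first is an assumed policy). Returns the evicted session ids.
  login(userId, sessionId, now = Date.now()) {
    const sessions = this.byUser.get(userId) ?? [];
    sessions.push({ id: sessionId, createdAt: now });
    sessions.sort((a, b) => a.createdAt - b.createdAt);
    const evicted = sessions.splice(0, Math.max(0, sessions.length - MAX_SESSIONS));
    this.byUser.set(userId, sessions);
    return evicted.map((s) => s.id);
  }

  isActive(userId, sessionId) {
    return (this.byUser.get(userId) ?? []).some((s) => s.id === sessionId);
  }
}

// Server: header attached to the login response only when something was evicted.
function loginHeaders(evictedIds) {
  return evictedIds.length ? { [NOTICE_HEADER]: String(evictedIds.length) } : {};
}

// Client: persist the notice so it survives the post-login redirects.
function storeNotice(storage, headers, now = Date.now()) {
  const count = Number(headers[NOTICE_HEADER] ?? 0);
  if (count > 0) storage.setItem(NOTICE_KEY, JSON.stringify({ count, at: now }));
}

// Client: read once, always delete, and ignore a stale entry, so a notice
// skipped by a redirect cannot surface on some later visit.
function consumeNotice(storage, now = Date.now()) {
  const raw = storage.getItem(NOTICE_KEY);
  storage.removeItem(NOTICE_KEY);
  if (!raw) return null;
  const { count, at } = JSON.parse(raw);
  return now - at <= NOTICE_TTL_MS ? count : null;
}
```

`storage` is anything with the `getItem`/`setItem`/`removeItem` shape of `window.localStorage`, which keeps the functions testable outside a browser.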