I'm working on an application and this doubt came to me while I was doing some tests, where I made some changes, like the password change, on the computer but my user remained logged in on the phone. Or as some other services do (stackoverflow, google, etc ...), where there is the option to move and unload on all devices.
I'm using AngularJS on the front end and PHP on the MySql database.
My initial idea would be to create a new field in the DB, such as usuarioLogado and every time the user accesses the page to check the value.
- Whenever the user logs in, change the value to 1.
- Whenever the user moves, change the value to 0.
- Whenever the user accesses the page and there is access history, or cookie, check what the value is. If it is
0, force a new login.
I do not know if this logic is correct, taking into account the security of the user and the practicality of doing it.
Or is there some other more "correct", more practical method of getting this result?