I would like to only allow one instance of a user logged in. If I log in on this computer, and then go to another computer to login, the previous session should be destroyed. How can I do that? How can I access all sessions so I can destroy the right one or ensure that session's userID is unique? The only documentation I've seen for accessing the session regards req.session, which is only for the current session.
The typical way to implement this would be to save a user's session ID in the database, and whenever they log in, destroy the session whose ID was previously stored. Sails uses Connect's session store for session management. The session ID is exposed as req.sessionID, and the underlying session store is exposed as req.sessionStore. So, given the session store interface described in the Connect docs, you could do something like the following in your login action:
// Destroy the session from the previous login
req.sessionStore.destroy(loggedInUser.currentSessionId, function(err) {
if (err) {return res.serverError(err);}
// Save the session ID of the current login
User.update({id: loggedInUserId}, {currentSessionId: req.sessionID})
.exec(function(err) {
if (err) {return res.serverError(err);}
// Continue your login action...
});
});