How to make user login from only one device at a time

Question

I have a RestAPI which when hit authenticate the user. This api is exposed to android and ios developers they hit this api to allow user to login to our app

My requireme

Answer 1

I suggest that you maintain a session for a login. Whenever there is a successful login, you would provide a unique session identifier to the user. This session id can subsequently be used for further requests/calls from the user.

For scenario of user logging in from another number, an active session will mark this second login request as invalid.

Keep an aging mechanism for each session. This way an inactive session, caused by phone getting disconnected or off, will get terminated.