This article describes how to prevent multiple active sessions for the same user.

• Multiple Active Sessions

1. Check the active sessions and refresh tokens for a user using the management API.
2. If the user has more than one session or refresh tokens issued,  invalidate the sessions and refresh tokens for the user using the delete refresh tokens and the delete sessions Management APIs.
3. The application the user logged in must also clear the internal session stored for this user.