Skip to content

Session Management: Monitor Login Activities and Secure Users' Accounts

Monitoring players' logins from different devices and managing their open sessions is crucial to ensure that their accounts are secure. Where previously only admins were able to manage a player's login sessions, the trend has now shifted to allow players to view and close their own sessions. This gives the player more control over their own account and allows them to close suspicious sessions quickly.

At AccelByte, we ensure that our User Account Management service records players' session data accurately. The device information for each session is collected from the client used by the player. The service then figures out the location of each login from the player's IP address. After that, we match their login history to the client information in the User Account Management (UAM) database; from there we can also check for any abnormalities which could indicate suspicious activity. For instance, if a player logs in from multiple countries (based on their IP address) in a short amount of time, an email notification will be sent to the player informing them of this activity and asking to confirm whether or not the logins are legitimate.

Our service gathers the following data for each player session:

  • Device information
  • Client information used to login: clientName, clientID
  • Location (Country, State, City): based on the IP address
  • Time: session start and session expiration time
  • User information: userID, namespace, user's ban information

And here's a brief look at how it works:

  • When a user logs in, they receive an access token from our User Account Management (UAM) service.
  • Then, the sessionID is combined with the access token by the session manager.
  • For our browser-based clients accessing the Player Portal and Admin Portal, the sessionID is set up in the browser's cookies. For clients that don't support cookies, e.g. the SDKs and game applications, the sessionID is stored and used in the Bearer Auhorization header when the application makes requests to any API endpoint.

We're committed to helping you provide your players with top security and the best gaming experience around. If you're interested in learning more about our solutions and how they work to power-up your game, be sure to subscribe to our newsletter and social media channels using the buttons below.

Find a Backend Solution for Your Game!

Reach out to the AccelByte team to learn more.