Time flies while you're having fun, but then one day your bio says something about being a 30+ year veteran in software engineering. Still, I've not seen it all, let alone done it all (yet).
Right. So you have a couple of problems to solve. Firstly you need to be able to uniquely identify every device. This is not so easy, but there is an interesting and detailed paper on some approaches.
The next thing to solve is understanding when a user is (still) using a device. As HTTP is stateless, it can be hard to know if the user is still using your app or not. Unless you already have some notion of session, or a proxy for it, you will need to keep recording the last time you see any activity from the user, and then assume they are no longer using the device after, for example 30 minutes.
Then really is just a matter of putting these things together, and checking how many sessions are currently running of each users, when they authenticate.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Right. So you have a couple of problems to solve. Firstly you need to be able to uniquely identify every device. This is not so easy, but there is an interesting and detailed paper on some approaches.
The next thing to solve is understanding when a user is (still) using a device. As HTTP is stateless, it can be hard to know if the user is still using your app or not. Unless you already have some notion of session, or a proxy for it, you will need to keep recording the last time you see any activity from the user, and then assume they are no longer using the device after, for example 30 minutes.
Then really is just a matter of putting these things together, and checking how many sessions are currently running of each users, when they authenticate.