I would love to know if Discord Team can implement an IP Verification on a session token.
When first loggin' in on an account, the ip is logged and linked to that token.
When that token is accessed elsewhere (different ip), to force a logout on that account and destroy that session token.
It can be different for phones. But I know in my area, phones have unique nameservers(but shared ip).
to trace their user's activity. You can get that nameserver really easily.
You can also easily do all that using a user-agent specific on mobile app/Desktop app (as it does already I assume) to authenticate to the same account under 2 different tokens (one for mobile and second for pc)
Contact me if you want to hear more details of how you can implement this feature, as I did for my own private webapp :)