Magic-Sessionmanager — Geolocation

TL;DR

Premium and Advanced tiers attach country, city, ISP, ASN, and coordinates to every session. Data is sourced from an offline GeoIP database shipped with the plugin (no external API calls, no rate limits, no privacy concerns). Custom databases supported.

What data is included

Each session gets a geolocation object:

{
  "country": "DE",
  "countryName": "Germany",
  "countryFlag": "🇩🇪",
  "region": "Berlin",
  "city": "Berlin",
  "postalCode": "10405",
  "latitude": 52.5244,
  "longitude": 13.4105,
  "timezone": "Europe/Berlin",
  "isp": "Deutsche Telekom AG",
  "asn": "AS3320",
  "asnOrg": "Deutsche Telekom AG"
}

Data source

The plugin ships with an embedded offline GeoIP database compatible with MaxMind GeoLite2 format. Benefits:

• No external API calls (privacy-friendly, GDPR-safe)
• No rate limits
• Zero latency (in-memory lookup)
• Works offline

Database is refreshed with each plugin update (monthly).

Using a custom database

For up-to-the-minute geolocation data, point the plugin to your own MaxMind database:

// config/plugins.ts
'magic-sessionmanager': {
  enabled: true,
  config: {
    geolocation: {
      databasePath: '/path/to/GeoLite2-City.mmdb',
      // Or load from URL with caching:
      databaseUrl: 'https://example.com/GeoLite2-City.mmdb',
      refreshInterval: 7 * 24 * 60 * 60 * 1000,  // weekly
    },
  },
},

Supports:

• GeoLite2-City (most common)
• GeoLite2-ASN (ISP/ASN data)
• GeoIP2 (paid MaxMind product with higher accuracy)

Accuracy

Data	Typical accuracy
Country	~99%
Region / state	~85%
City	~75%
Latitude / longitude	±50km (city-level)
ISP	~95%
ASN	~99%

IPv6 supported.

Private and local IPs

The plugin recognizes and labels:

• RFC 1918 private IPs (10.x, 172.16.x, 192.168.x)
• Loopback (127.x, ::1)
• Link-local
• Carrier-grade NAT (100.64.x)

These get country: null and isInternal: true in the geolocation object.

Viewing geolocation in admin

1. Sessions Dashboard — each row shows country flag + city.
2. Session Detail — full geolocation info including coordinates.
3. Map view (Premium) — pins on a world map, groupable by user.

Programmatic access

// Get current user's most recent session with geo
const session = await strapi.plugin('magic-sessionmanager').service('sessions').findLatest({ userId });
console.log(`Last login from ${session.geolocation.countryFlag} ${session.geolocation.city}`);

Geo-fencing

Combine geolocation with rules to allow/block by country — see Security Features.

Privacy considerations

• No external calls — all lookups happen locally.
• Session data is stored in your database only.
• GDPR: geolocation is considered personal data. Include it in your privacy policy.
• Retention: configurable via terminatedRetentionDays. Old sessions (with their geo data) are automatically purged.

Troubleshooting

No geo data appearing

• Verify your tier is Premium or Advanced (Free tier does not include geolocation).
• Check Strapi logs for geolocation: database not found errors.
• Verify internet connectivity (if using databaseUrl).

Wrong country shown

• IPs change hands between ISPs; your database may be out of date.
• Update to the latest database.
• For critical accuracy, use MaxMind's paid GeoIP2 product.

IPv6 not working

• Ensure your database includes IPv6 data (GeoLite2 does; older GeoLite Legacy doesn't).

---

Next: API Reference →