When to call the attach function

Web Apps

For most web apps, you should call the attach function as soon as the user ID is available (i.e. login callback or session initialization) and and on every logged-in page once. This ensures that account sharing prevention works on all pages. If for some reason, you don't want to do that, then at minimum call the attach function on all key pages of your application (such as dashboard, login, sign up). Every page that has Rupt called is covered by the account sharing prevention mechanisms of Rupt.

Mobile apps

For mobile apps, you should call the attach function as soon as the user ID is available or whenever it changes. Then you should also call it on every key page. No need to call it on all pages, but only on key pages (such as watching video page or the transaction page) or on significant events.