Hi,

A recent pen test has brought up the issue that multiple concurrent/simultaneous sessions can exist for a user. It is suggested that this should not be allowed.

Is this something that can be implemented as an option, i.e. only one active session per user? Either the user is prompted to kick out the other session or is just blocked from logging in until the other session ends. If the latter, it could go hand in hand with my other feature request of session inactivity timeouts here.

Thanks
Since v4 it is possible to configure a Session Limit of 1 to 3 sessions that a user can be logged in with at any one time. By default, 2 sessions are allowed.

Admin > Configuration > Settings > User & Password > Session Limit
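The two behaviours discussed in this thread (block the new login, or kick out an existing session) combined with an inactivity timeout, as an added sketch that is not the product's own code. The class, method and policy names are assumptions; only the 1 to 3 range and the default of 2 come from the reply above.

```python
import secrets
import time

class SessionLimitExceeded(Exception):
    """Raised under the 'block' policy when the user is already at the limit."""

class SessionRegistry:
    # Hypothetical in-memory registry; a real deployment would keep this in the
    # server-side session store so every application node sees the same state.
    def __init__(self, limit=2, policy="block", idle_timeout=900, clock=time.monotonic):
        if not 1 <= limit <= 3:
            raise ValueError("limit must be between 1 and 3")
        if policy not in ("block", "evict_oldest"):
            raise ValueError("unknown policy")
        self.limit, self.policy = limit, policy
        self.idle_timeout, self._clock = idle_timeout, clock
        self._sessions = {}  # user -> {token: last_seen}

    def _live(self, user):
        # Drop idle sessions first so an abandoned login cannot lock the user out.
        now = self._clock()
        live = {t: seen for t, seen in self._sessions.get(user, {}).items()
                if now - seen < self.idle_timeout}
        self._sessions[user] = live
        return live

    def login(self, user):
        live = self._live(user)
        while len(live) >= self.limit:
            if self.policy == "block":
                raise SessionLimitExceeded(user)
            # evict_oldest: terminate the least recently active session.
            del live[min(live, key=live.get)]
        token = secrets.token_urlsafe(32)
        live[token] = self._clock()
        return token

    def validate(self, user, token):
        # Called on every request: evicted or idle tokens fail here.
        live = self._live(user)
        if token not in live:
            return False
        live[token] = self._clock()  # activity refreshes the idle timer
        return True

    def logout(self, user, token):
        self._sessions.get(user, {}).pop(token, None)
```

Under the block policy without an idle timeout, a user who closes the browser without logging out stays locked out until the old session is removed some other way, which is why the two settings are enforced together here.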