Module Name: ConcurrentSessionControl

Description:

The ConcurrentSessionControl module is responsible for enforcing concurrent session control within an application, ensuring that each user can maintain only one active session at a time.
If a user logs in from another browser or device, their previous session is invalidated, and they are redirected to the logout screen or prompted to log in again.

This module is essential for applications where security, license enforcement, or data integrity require strict session exclusivity.

Core Responsibilities:

• Maintain a single active token per user

• Prevent multiple concurrent sessions using the same credentials

• Handle token generation, validation, and expiration

• Integrate with login flows and secured screens

Key Features:

• Entity: ExclusiveUserSession
  Stores user ID, authentication token, and the token generation time.

• Action: GenerateUserTokenWithSingleSession
  Generates a new session token and invalidates the previous one.

• Action: ValidateUserToken
  Validates whether the current token is still active and valid.

• Action: CheckTokenExpiration
  Compares token lifetime against the current time using the site property UserTokenValidityDurationMinutes.

• User Feedback Message:
  "Another session has been started using your account. You will now be signed out."

• Client Redirect:
  Automatically logs the user out and redirects them when the token is invalidated or expired.

Use Cases:

• Banking and finance platforms requiring strict login control

• Admin portals with per-user license limits

• Educational or exam platforms where simultaneous sessions are prohibited