Deny multiple logins
I am working on javastack of outsytems version 9.0.0. I have a requirement where user should be able to login from one machine at a time. It means, if user have logged in from one machine and try to login from other machine (or different browser from the same machine) system should promt user asking to logout from the previous session to login again.

Is this achievable in outsystems? if so how? For this i want to understand on session management in outsytems.

Rank: #23652
Facing same situation, is there any update of this issue?

Rank: #1593

Yes, I have managed to check if a user already has an other session on the .Net/ISS stack with SQL database.

Of course, the user needs to be logged in, before you can check this.

In short:

- Sessions are stored in a separate database (osSession in my case)
- Create a Database connection to this database (preferably with a read only user)
- In IntegrationStudio create a mapping to two of the three tables: ASPStateTempSessions and ASPStateTempSessionExtVars
- In your application set the dependencies to be able to use this tables
- Create a query joining these two tables based on the session id
- Filter on:
      - ASPStateTempSessionExtVars.UserId being the Session.UserId
      - ASPStateTempSessionExtVars.Cookie being the Session Id you can get with HTTPRequestHandler.GEtSessionId (bit strange, but the session id in the tables have some extra characters)
      - ASPStateTempSessions.ExpirationDateTime > CurrDateTime()

This did the trick for me.

Rank: #116

Another approach is to use the GetSessionId function from HttpRequestHandler extension and a local table of your application to save the SessionId and UserId. Inside On Session Start event check for an active session for the user who is logging in and kill this session of your control table. On the Begin Web Request event check your session still exists in this table if not abort the request and proceed with Logout. I believe that you don't need any kind of control because the session may not be necessary to remain in this table, that the next logon delete the old session and insert the new one. That way you avoid working directly with the system tables and does not run the risk of future incompatibilities due to system updates. Map directly to the system tables are not supported and is not advisable.