Feature to preventing users from having multiple concurrent sessions


It would be nice if we had the possibility to prevent users from having multiple concurrent sessions.

There are some scenarios when you want to prevent multiple logins of same user id to your application. This can either be a security or functional reason. 

Created on 6 Sep 2018
Comments (6)

Can you describe some use case that it would be necessary?

I can name a few, But here is one in security perspective. Awareness that your account is being used by someone else besides yourself.

Imagine your password has been hacked (never happens ?). Currently someone can be using your account without your knowledge. But with this feature, you will be immediately alarmed in a case you are logged in and your account is trying to be used elsewhere.

I don't think the awarness that someone is using your account is really good reason for concurrent sessions. Better is the log and make people aware of the the logins of the account and may be the source of the login.

It could be very easy. A parameter on the User_Login action named 'Unique'. If a second simultaneous login on the same user id is made, some event (system event, just an example) would be triggered and we could implement some action (to approve the second login, to notify, to block, etc.)

Changed the category to Backend

I think it's a great idea and would add a small nuance: instead of being able to simply control the concurrency of sessions I'd say it would be best to be able to configure the number of concurrent sessions allowed per user.