Option to limit the number of concurrent sessions for a user. (4381214)

It is the web application design decision to determine if multiple simultaneous logons from the same user are allowed from the same or from different client IP addresses. If the web application does not want to allow simultaneous session logons, it must take effective actions after each new authentication event, implicitly terminating the previously available session, or asking the user (through the old, new or both sessions) about the session that must remain active.

It is recommended for web applications to add user capabilities that allow checking the details of active sessions at any time, monitor and alert the user about concurrent logons, provide user features to remotely terminate sessions manually, and track account activity history (logbook) by recording multiple client details such as IP address, User-Agent, login date and time, idle time, etc.

Some customers are asking that we support limiting the number of active sessions for a user in the web UIs.

An enhancement request (#435239) has been created.

WORKAROUND

None

STATUS

The product team will evaluate the request and this feature may become available in a future release of the product.