Hi ,
We need to implement a requirement that limits the number of concurrent sessions per user. For example, if User A logs in through Session 1 and then attempts to log in on another device via Session 2, Session 1 should be terminated. Ultimately, we want only one active session per user at a time. The "Limit Number of Concurrent Sessions Per User Account" setting will allow a minimum of two sessions, but instead of terminating the first session, it will trigger an error when attempting to log in with a new session.
is there any way to achieve this functionality? . The Application is on premise 24.4
Discussion posts and replies are publicly visible
Limit Concurrent Sessions for SAML/SSO Based Users
AFAIK, this hasn't changed.
Hi Mathieu,
Thank you for your response
Is there any workaround to solve this problem?
Not to my knowledge.
What is the requirement for this? I have never found an actual use for this setting.
Pen-Testers had found out that simultaneous sessions could pose a security risk ,increasing the risk of session hijacking. so we wanted to limit single active session per account