User > LogIn > Enable Multiple LogIns
There is an option:
When a secondary login occurs, logout and notify…
Is it possible to make similar algorithm for multiple logins?
For example, i’d like to allow ~3 simultaneous logins for an account.
But when multiple logins is active, the ‘logout and notify’ option become disabled.
So, if, for some reason, user will loose his token 3 times, he will be unable to login until the session is expired. That’s very undesirable case. Is it possible to automatically logout one of the previous tokens when user hits the limit of multiple sessions?
It is a very good question!
We will discuss it with team.
I’d like to understand your idea better. Suppose the backend is configured to allow 3 concurrent logins. Say there are 3 logins with the same credentials and the forth one comes in. Right now, the system will not allow the 4th one until one of the first 3 logs out. Do you suggest to provide an option to invalidate one of the 3 when the 4th one tries to login? If so, which one? What is that user actively uses the app?
What would be a real scenario when this kind of behavior is useful?
Say there are 3 logins with the same credentials and the forth one comes in. Right now, the system will not allow the 4th one until one of the first 3 logs out. Do you suggest to provide an option to invalidate one of the 3 when the 4th one tries to login? If so, which one?
Logically, the most outdated session should be invalidated.
For example, i’m a developer (surprisingly)), so periodically i’m cleaning up my cache and cookies for different purposes. So, any website, which has restricted the amount of my logIns will make me face the problem, when i don’t have my previous tokens, i can’t logOut and i can’t logIn. Rarely, users will notify website’s support about this - most likely users will just leave such website.
One of the projects i’m working on has a webapp, two mobile apps, and browser extensions. So, you can multiply possibility to loose the token for quantity of different sessions going at once in such case.
Non-technical users may not know about cache and cookies and how to wipe them, but anyway, they can change devices or reinstall OS, or get some errors. This kind of users will not even know why they can’t log in and what ‘session’ is.
I was thinking in terms of real app users. What I think you’re asking for is a way to invalidate all active logins which would be helpful during development.
From the app perspective (not development, I am talking about real users of your app), there are two things you need to ensure of: (1) establish shorter session time (2) provide the logout option