Closed (won't fix)
Project:
Automated Logout
Version:
6.x-2.x-dev
Component:
Code
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
7 Dec 2009 at 05:09 UTC
Updated:
24 May 2013 at 14:01 UTC
Here is another feature request regarding the session limit feature:
Despite the session limit, it's still possible to trade one set of login credentials among many users. The only consequence to being Auto Logged out is that you just have to log back in again. When users are willing to put up with this inconvenience, then the session limit could use improvement. Could there possibly be a delay enforced before the next permitted login so that users can't trade back and forth so quickly? Or, alternatively, could there be a limit on the number of IP addresses that are permitted logins within a certain time period? Perhaps the best scenario would be: if session limit is triggered, and the IP address of the new login is different from before, then enforce a delay before yet another login is permitted?
Thanks for a great, important module!
Comments
Comment #1
jvandervort commentedMoved to the current dev head.
Comment #2
RikiB commentedIm looking for a very similar security feature. Something that would prevent many people using the same account.
Comment #3
jvandervort commented@RikiB, I think that is what the "One Session" limit is all about.
Comment #4
johnennew commentedClosing old issues - can you try the 6.x-4.x branch and see if this works for you?