Chapter 25. Sessions limits
Setting a session limit enables administrators to limit the number of simultaneous sessions per user or per IP address.
25.1. Working with session limits
In automation controller, a session is created for each browser that a user logs in with. This forces the user to log out of any extra sessions after they exceed the administrator-defined maximum.
Session limits can be important, depending on your setup.
Example
You only want a single user on your system with a single login per device (where the user can log in on their work laptop, phone, or home computer). In this case, you want to create a session limit equal to 1 (one). If the user logs in on their laptop, for example, then logs in using their phone, their laptop session expires (times out) and only the login on the phone persists. Proactive session limits kick the user out when the session is idle. The default value is -1, which disables the maximum sessions allowed. This means that you can have as many sessions without an imposed limit.
While session counts can be very limited, you can also expand them to cover as many session logins as are needed by your organization.
When a user logs in resulting in other users being logged out, the session limit has been reached and those users who are logged out are notified as to why the logout occurred.
Procedure
- To make changes to your session limits, from the navigation panel, select .
- Select Miscellaneous Authentication settings from the list of System options.
- Click .
Edit the Maximum number of simultaneous logged in sessions setting or use the Browsable API if you are comfortable with making REST requests.
NoteTo make the best use of session limits, disable
AUTH_BASIC_ENABLEDby changing the value tofalse, as it falls outside the scope of session limit enforcement. Alternatively, in the Miscellaneous Authentication settings, toggle the Enable HTTP Basic Auth to off.
