Only one login instance of a user

Is there a possibility in discourse, that I can enforce only one login instance of an user, at any given point of time?

Thanks
Oneflydown

No, that’s not configurable. There is a hard-coded limit of 60 sessions (although, we never expect anyone to get near that in normal use)

https://github.com/discourse/discourse/blob/1cc1ff8435114a4f815f3cc0e81218543ddff73b/app/models/user_auth_token.rb#L11

It might be possible to override this in a plugin, but I would not recommend it (the UX would be very confusing)

2 Likes

Thanks @david . I will find out a way, as my students are sharing username/password to access subscription content on forum.

1 Like

You could enforce 2 factor authentication. It works make sharing passwords more trouble.

You could also track ip addresses.

7 Likes