Prevent concurrent user sessions

19 views
Skip to first unread message

Matt Card

unread,
Apr 22, 2025, 12:17:47 PMApr 22
to pwm-general
We would like to prevent a user from being able to authenticate into PWM (2.0.8) with concurrent sessions.   So, if they have an active PWM session, they cannot sign into it the app again at the same time.  I have reviewed the Configuration Editor options available and the previous Group conversations on this, and don't see settings for this.

Are there PWM settings to enforce this or has anyone come up with a solution for this?

Thanks!

Jason Rivard

unread,
Apr 22, 2025, 7:40:37 PMApr 22
to pwm-general
There is not functionality for this.  Since PWM uses distributed session management, it's not possible with current architecture.  It would require some type of centralized session management system.

Can I ask why you want this?  Maybe there is another way to solve the underlying problem you are facing.

Matt Card

unread,
Apr 23, 2025, 9:09:52 AMApr 23
to pwm-general
Thanks for the quick response and explanation, Jason.  We are looking at it in regard to the NIST 800-53 AC-10 control (concurrent session control), so from a security standpoint.  
Reply all
Reply to author
Forward
0 new messages