Project

General

Profile

Actions

Defect #32049

closed

Redmine allows same user to login from different machines simulteniously

Added by Amit Mehendale about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Wont fix
Affected version:

Description

Using Redmine 4.0.4

Able to Login using same user credentials from different machines at same time.

Expected :- If user is already logged in on 1 machine then it should not allow user to log-in on other machine.

Thanks

Actions #1

Updated by Matthew Paul about 5 years ago

This is not a bug imho - I am often logged into multiple machines and devices and would like it to remain that way

Actions #2

Updated by Go MAEDA about 5 years ago

  • Status changed from New to Closed
  • Resolution set to Wont fix

This is the expected behavior, not a defect.

The number of maximum simultaneous logins for a user is controlled in app/models/token.rb. If you don't want to allow the behavior, change the code as follows:

diff --git a/app/models/token.rb b/app/models/token.rb
index 8e93918ec..7922d24b6 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -41,7 +41,7 @@ class Token < ActiveRecord::Base
   add_action :feeds,     max_instances: 1,  validity_time: nil
   add_action :recovery,  max_instances: 1,  validity_time: Proc.new { Token.validity_time }
   add_action :register,  max_instances: 1,  validity_time: Proc.new { Token.validity_time }
-  add_action :session,   max_instances: 10, validity_time: nil
+  add_action :session,   max_instances: 1, validity_time: nil

   def generate_new_token
     self.value = Token.generate_token_value
Actions

Also available in: Atom PDF