Defect #32049

Redmine allows same user to login from different machines simulteniously

Added by Amit Mehendale 7 months ago. Updated 7 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Accounts / authentication
Target version:-
Resolution:Wont fix Affected version:4.0.4

Description

Using Redmine 4.0.4

Able to Login using same user credentials from different machines at same time.

Expected :- If user is already logged in on 1 machine then it should not allow user to log-in on other machine.

Thanks

History

#1 Updated by Matthew Paul 7 months ago

This is not a bug imho - I am often logged into multiple machines and devices and would like it to remain that way

#2 Updated by Go MAEDA 7 months ago

  • Status changed from New to Closed
  • Resolution set to Wont fix

This is the expected behavior, not a defect.

The number of maximum simultaneous logins for a user is controlled in app/models/token.rb. If you don't want to allow the behavior, change the code as follows:

diff --git a/app/models/token.rb b/app/models/token.rb
index 8e93918ec..7922d24b6 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -41,7 +41,7 @@ class Token < ActiveRecord::Base
   add_action :feeds,     max_instances: 1,  validity_time: nil
   add_action :recovery,  max_instances: 1,  validity_time: Proc.new { Token.validity_time }
   add_action :register,  max_instances: 1,  validity_time: Proc.new { Token.validity_time }
-  add_action :session,   max_instances: 10, validity_time: nil
+  add_action :session,   max_instances: 1, validity_time: nil

   def generate_new_token
     self.value = Token.generate_token_value

Also available in: Atom PDF