Q: I’m in development and have found that if I login multiple times, I end up with multiple sessions. Is this correct behavior? Shouldn’t AuthRocket limit user sessions to one?
A: Multiple sessions is the correct behavior. A user might be using multiple browsers or multiple devices and we don’t want to automatically terminate any of those sessions.
By default we do cap the active session count at 10 just to keep things manageable.
If you really wanted to cap your users to a single session, we can either drop that setting of 10 down to 1 (which would be an account-wide change), or you can check for older sessions at the time of login and simply delete them.
Questions? Find a Typo? Get in touch.