Question

JonnyGar Member since 2009 91 posts
BNY Mellon
Posted: 5 years ago
Last activity: 5 years 3 months ago
Closed

Limiting concurrent sessions

This was asked on PDN 6+ years ago without much of a satisfactory answer - https://pdn.pega.com/forums/prpc/security/prevent-multiple-login

https://pdn.pega.com/forums/prpc/security/mutiple-concurrent-session-for-a-single-user

Indeed, as Pega's legendary documentation man Bill Byrn pointed out on that thread, there's not actually a foolproof solution to this, since a hung browser session or broken network session (leaving an open requestor) would prevent a second login.

It appears that the setting Data-Admin-System.pyConcurrentSessions could be used to control this, but in v6-v7 it's set to "unlimited" in the pyDefault model, and not settable in the form (through 7.1.6).

A manageable solution would be to at least alert the user to situations where there are concurrent sessions.

For example, our VPN clients tell you if you have an open session (with IP address, login time), and direct you to end it before proceeding.

Can we use Authentication.getRequestorsForUser() to return the existing requestors for a given user?

I believe this only returns requestors for the current node; is this function exported by JMX?

Is there a function which returns the Set of the user's requestors across all nodes?

***Updated by moderator: Marissa to close post***

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
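
The trade-off raised in the post, as an added illustration that is not Pega code and not part of the original thread: a strict session cap locks the user out when a dead session lingers, while an alert policy reports the open sessions (node, IP, login time) and lets the login proceed. All names (`Session`, `sessions_for_user`, `IDLE_LIMIT`) and the sample data are hypothetical, and it assumes each node can report its own session list.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

IDLE_LIMIT = timedelta(minutes=30)  # assumed idle threshold for "probably stale"

@dataclass(frozen=True)
class Session:
    session_id: str
    user: str
    node: str
    ip: str
    login_time: datetime
    last_activity: datetime

def sessions_for_user(per_node, user):
    """Merge each node's local session list into one cluster-wide view."""
    found = [s for sessions in per_node.values() for s in sessions if s.user == user]
    return sorted(found, key=lambda s: s.login_time)

def hard_limit_allows(existing, limit=1):
    """Strict cap: any leftover session, even a dead one, blocks the login."""
    return len(existing) < limit

def login_decision(existing, now):
    """Alert policy: never refuse; list open sessions and flag likely-stale ones."""
    report = [{"session_id": s.session_id, "node": s.node, "ip": s.ip,
               "login_time": s.login_time.isoformat(),
               "stale": now - s.last_activity > IDLE_LIMIT} for s in existing]
    return {"action": "warn" if report else "allow", "sessions": report}

# Constructed sample data: jdoe left a hung browser session on node-a.
NOW = datetime(2024, 1, 15, 12, 0)
PER_NODE = {
    "node-a": [Session("A1", "jdoe", "node-a", "192.0.2.10",
                       datetime(2024, 1, 15, 8, 0), datetime(2024, 1, 15, 8, 10))],
    "node-b": [Session("B7", "asmith", "node-b", "192.0.2.44",
                       datetime(2024, 1, 15, 11, 50), datetime(2024, 1, 15, 11, 58))],
}

if __name__ == "__main__":
    existing = sessions_for_user(PER_NODE, "jdoe")
    print("strict cap allows login:", hard_limit_allows(existing))
    print(login_decision(existing, NOW))
```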

System Administration