Hi Denuwanthi, Currently we have decided to implement this as a conditional authentication function. Admin user can use this function to get the number of active sessions and can create a condition with the limit he wants. If the admin user does not use this function, no conditions will be tested based on session count. So the user can create unlimited number of sessions without any problem.
Regards, Dimuth Menikgama. On Sat, Mar 31, 2018 at 3:24 PM, Vihanga Liyanage <viha...@wso2.com> wrote: > Hi Dimuth, > > >>> - >>> >>> What is the best way to handle new session request when maximum >>> allowed session limit is 1? >>> - >>> >>> If there is a session, close that session and create a new >>> session. >>> - >>> >>> Notify the user about the existing session and ask to end that >>> manually if he want to create a new session. >>> >>> > IMHO, I think both of these proposed methods are not suitable. Instead > what if we notify the user about the limitation on active sessions and ask > for the consent to close the existing session from our end? Closing the > session manually by the user could be a hassle for him especially if it was > another device. We can just invalidate the session from our end without > much effort. WDYT? > > Thanks, > Vihanga. > > -- > > Vihanga Liyanage > > Software Engineer | WS*O₂* Inc. > > M : +*94710124103* | http://wso2.com > > [image: http://wso2.com/signature] <http://wso2.com/signature> > -- *Dimuth Menikgama* *Software Engineer* *WSO2* *Mobile : + 94 702337977 <%2B%2094%2011%202145345%20%C2%A0Ext.%205737>* * <%2B%2094%2011%202145300>*
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
