Single login

ongan0 · April 1, 2025, 11:29am

I want to configure single login. I used AllowConcurrentLogins = false but that is not enough. I want if device A logs in. when device B logs in, device A should be logged out immediately, or at least when user does something on device A then it should be logged out. Currently it is waiting for about 1 minute to automatically log out on device A. Please, help me

stvnhrlnd · April 1, 2025, 12:05pm

Can I ask why does it need to be immediate? Are you able to still make changes within that minute? I’m wondering if the API will block device A in your scenario.

LuukPeters · April 1, 2025, 2:03pm

My experience is that when AllowConcurrentLogins is false that the other one is kicked out very fast.

markadrake · April 1, 2025, 10:14pm

I’m not sure if it’s really “waiting one minute” to kick out the device, or the client side application phones home and discovers it’s been kicked out and that takes a few seconds to happen.

I’m also interested to know if anything (like an API call) would be rejected in this time frame.

ongan0 · April 2, 2025, 2:26am

I need to log out immediately, because it currently allows accounts on 2 devices to operate normally. The first device only logs out after about 1 minute of me doing nothing.

ongan0 · April 2, 2025, 2:30am

Just when I do nothing after about 1 minutes. If I do any thing, it won’t logout.

ongan0 · April 2, 2025, 2:32am

Currently, nothing is rejected in this frame. And I hope it will be rejected.

ongan0 · April 2, 2025, 8:35am

Please. I help me

stvnhrlnd · April 2, 2025, 11:54am

What’s your exact Umbraco version?

owainjones.dev · April 2, 2025, 3:26pm

Just did a few tests on v13.7.2, and I’m seeing the same behavior

Using a clean Umbraco installed based on this PSW setup: Package Script Writer

Test 1

Logged in on my main browser
Logged in on another browser and started a stopwatch

After 3 tests, I observed that my original session was logged out after 52s, 43s and 40s.

Test 2

I then tested to see if I could delay this logout by clicking/interacting as described=

Logged in on my main browser
Logged in on another browser and started a stopwatch
Clicked between the Content and Media sections on my original session for 2 minutes

The result of this test was that my original session was not logged out until 48 seconds after I had stopped clicking between the sections. Therefore it seems that interacting with the original session does delay the logout.

So yea, something definitely feels off here.

ongan0 · April 3, 2025, 1:43am

Yep. I’m using v13.7.2. What you describe is the problem I’m having. Can anyone help me fix it?

stvnhrlnd · April 3, 2025, 8:11am

@owainjones.dev Thanks for this! I’ll do some testing on it soon myself (as it is a security feature and all ).

ongan0 · April 14, 2025, 2:51am

Thanks. I resolved it. Like that:

builder.Services.Configure<BackOfficeSecurityStampValidatorOptions>(options =>
{
    options.ValidationInterval = TimeSpan.FromSeconds(5);
});