One User-ID Can Be Used Simultaneously by Several People at the Same Time

Is this a security ‘hole’?


I could not replicate this issue. Even if I log in to the same account from another browser, the first session is logged out automatically.

@umair It’s very strange… I’m using v6.18… Any ideas? Any configuration I missed?
I can log in using the same user email from a different browser on another device… All are able to do transactions etc. as usual, but it’s done by different people on different devices using the same user-id


Set deny_multiple_sessions as true in site_config.json

Btw, all site_config options should be in system settings… maybe time to make this.



Thank you for this solution.

Until then, I have tried to set:

User > (user@name) > Security Settings > Simultaneous Sessions = 1

Regardless of ticking the checkbox in

System Settings > Security > Allow only one session per user

It did not work. I could log in from multiple PCs (non-mobile devices) without any problem.
Once I followed your suggestion

“Set deny_multiple_sessions as true in site_config.json”

it worked.

Although hovering the mouse over “Allow only one session per user” shows “deny_multiple_sessions”, somehow it does not get set.

“… maybe time to make this.” :slight_smile:

ERPNext : 13.51.4
Frappe : 13.57.0
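
Added example, not part of the original thread and not Frappe's own code: a small audit script that reports, for every site on a bench, whether `deny_multiple_sessions` is actually enabled in the config files, which is the setting the thread found to work. It assumes the usual bench layout (`sites/<site>/site_config.json`, with `sites/common_site_config.json` as defaults); the function names and the sample site names are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

KEY = "deny_multiple_sessions"  # key named in the thread


def load_config(path: Path) -> dict:
    """Parsed JSON object, or {} if the file is missing or invalid."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def is_enabled(value) -> bool:
    """Assumption: true, 1 and "1" count as enabled; anything else does not."""
    try:
        return int(value) != 0
    except (TypeError, ValueError):
        return False


def audit_bench(sites_dir) -> dict:
    """Map site name -> whether KEY is enabled in its file config.
    Assumes sites/<site>/site_config.json overriding sites/common_site_config.json.
    """
    sites_dir = Path(sites_dir)
    common = load_config(sites_dir / "common_site_config.json")
    result = {}
    for cfg in sorted(sites_dir.glob("*/site_config.json")):
        merged = {**common, **load_config(cfg)}
        result[cfg.parent.name] = is_enabled(merged.get(KEY))
    return result


def demo() -> dict:
    """Audit a constructed two-site bench built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, conf in {"erp.example": {KEY: True}, "test.example": {}}.items():
            (Path(tmp) / site).mkdir()
            (Path(tmp) / site / "site_config.json").write_text(json.dumps(conf))
        return audit_bench(tmp)


if __name__ == "__main__":
    for site, ok in demo().items():
        print(f"{site}: {KEY} {'enabled' if ok else 'NOT enabled'}")
```

The script reads only the JSON files, so it does not reflect the System Settings checkbox value stored in the database.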