Limit concurrent sessions plugin

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 4분

    • Configure the com.glide.limit.concurrent.sessions plugin to reduce the chance of session hijacking on your instance.

    When the Limit Concurrent Sessions (com.glide.limit.concurrent.sessions) plugin is not active, the glide.authenticate.limit.concurrent.interactive.sessions property is not set to true, or the glide.authenticate.max.concurrent.interactive.sessions property is set beyond an organizationally-defined threshold, then ServiceNow instance user accounts are not limited to a defined number of concurrent interactive sessions.

    1. Navigate to All > System Definition > Plugins.
    2. Find and select the Limit Concurrent Sessions plugin. The plugin ID is com.glide.limit.concurrent.sessions
    3. On the System Plugin form, review the plugin details and then select the Activate/Upgrade related link.
    4. Select Activate.
    5. After the plugin has successfully activate, navigate to All > System Properties > All Properties.
    6. Open the glide.authenticate.limit.concurrent.interactive.sessions system property, and set the value to true.
    7. Open the glide.authenticate.max.concurrent.interactive.sessions system property, and set the maximum concurrent sessions. This value depends on the needs of your organization.

    More information

    Attribute Description
    Configuration name
    • com.glide.limit.concurrent.sessions (plugin)
    • glide.authenticate.limit.concurrent.interactive.sessions(system property)
    • glide.authenticate.max.concurrent.interactive.sessions(system property)
    Configuration type System Properties (/sys_properties_list.do)
    Data type
    • plugin
    • system property (Boolean)
    • system property (Integer)
    plugin
    Recommended value
    • com.glide.limit.concurrent.sessions is enabled
    • glide.authenticate.limit.concurrent.interactive.sessions system property set to true
    • glide.authenticate.max.concurrent.interactive.sessions set to a numeric value depending on the needs of your organization.
    Default value None
    Category Session management
    Security risk
    • Severity score: 3.7
    • CVSS score: Low
    • Security risk details: A greater number of open sessions means there are more sessions that could potentially be hijacked. Limiting the number of allowed sessions per user is helpful in limiting risks related to denial-of-service (DoS) attacks.
    Dependencies and prerequisites None