Limit concurrent sessions across all nodes [Updated in Security Center 1.3]

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • Use the glide.authenticate.limit.concurrent.sessions.across.all.nodes property with the Limit Concurrent Sessions plugin to manage the number of sessions tracked across all nodes.

    When the Limit concurrent sessions plugin is active, the number of open sessions can be limited per user. Ensure that when this plugin is active that the (Glide authenticate limit concurrent sessions across all nodes) property is set to true so that the number of open sessions are tracked across all nodes instead of a single application node. If this property is set to false, multiple sessions can be open across multiple nodes, which increases the chances of session hijacking.

    More information

    Attribute Description
    Configuration name glide.authenticate.limit.concurrent.sessions.across.all.nodes
    Configuration type System Properties (/sys_properties_list.do)
    Data type boolean
    Recommended value true
    Default value true
    Category Session management
    Security risk
    • Severity score: 3.7
    • CVSS score: Low
    • Security risk details: When using the Limit Concurrent Sessions plugin, setting this property to false enables multiple sessions across multiple nodes to be open which increases the chance of a security vulnerability like a session hijacking.
    Dependencies and prerequisites None
    References Limit concurrent sessions