Concurrent sessions in Magnolia cms

Question

Magnolia CMS (5.5.6) by default allows users to have concurrent sessions (same user logged in two browsers for example). According to my security policy this is disallowed.

Is that possible to turn off concurrent sessions in Magnolia? How can I do it?

Answer 1

Depending on what you want to do you can either extend Authentication JAAS module (info.magnolia.jaas.sp.jcr.MagnoliaAuthenticationModule) to forbid login when other session is open. Or alternatively you might write just a custom info.magnolia.cms.security.auth.login.LoginHandler to do the same.
There's not much documentation on how to do that so you should perhaps read a source code.
To configure JAAS module you do so in WEB-INF/config/jaas.config. To configure custom login handler, look in config:/server/filters/login/loginHandlers.