LL::NG relies on a session mechanism in which the session ID is a shared secret between the user (in the SSO cookie) and the session database.

To configure sessions, go to Manager, General Parameters » Sessions:

  • Opening conditions: a rule that is evaluated to decide whether a session is granted to a user.
  • Store user password in session data: see password store documentation.
  • Sessions timeout: Maximum lifetime of a session. Old sessions are deleted by a cron script.
  • Sessions activity timeout: Maximum inactivity duration.
The session activity timeout requires Handlers to have write access to the sessions database.
  • Sessions Storage: see sessions database configuration.
  • Multiple sessions: you can restrict the number of open sessions:
    • One session only by user: a user cannot open 2 sessions with the same account.
    • One IP only by user: a user cannot open 2 sessions with the same IP.
    • One user by IP address: 2 users cannot open a session with the same IP.
    • Display deleted sessions: display deleted sessions on authentication phase.
    • Display other sessions: display other sessions on authentication phase, with a link to delete them.
Note that since HTTP is not a connected protocol, restrictions are not applied to the new session: the oldest sessions are destroyed.
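
The following is an added example, not LL::NG code: a small Python model of the behaviour described above, where the new session is always opened, conflicting older sessions are destroyed, and the two timeouts are checked separately. The `Session` fields, function names, option names and the "0 disables the activity timeout" convention are assumptions of this model, and the session data is constructed.

```python
from dataclasses import dataclass

@dataclass
class Session:
    sid: str          # session ID: the shared secret (constructed values here)
    user: str
    ip: str
    created: float    # epoch seconds when the session was opened
    last_seen: float  # epoch seconds of the last activity recorded in the store

def is_expired(s, now, timeout, activity_timeout):
    """Sessions timeout bounds total lifetime; activity timeout bounds idle time.
    In this model an activity_timeout of 0 disables the idle check."""
    if now - s.created > timeout:
        return True
    return activity_timeout > 0 and now - s.last_seen > activity_timeout

def open_session(store, new, one_session_per_user=False, one_user_per_ip=False):
    """Store `new` and return the older sessions destroyed by the restrictions.
    The new session is never refused: it is the conflicting older ones that go."""
    deleted = []
    for sid, old in list(store.items()):
        same_user = old.user == new.user
        same_ip = old.ip == new.ip
        if (one_session_per_user and same_user) or \
           (one_user_per_ip and same_ip and not same_user):
            deleted.append(store.pop(sid))
    store[new.sid] = new
    return deleted  # what "Display deleted sessions" would show to the user

def other_sessions(store, new):
    """Remaining sessions of the same user ("Display other sessions")."""
    return [s for s in store.values() if s.user == new.user and s.sid != new.sid]

def purge(store, now, timeout, activity_timeout):
    """Cron-style cleanup: delete expired sessions and return their IDs."""
    expired = [sid for sid, s in store.items()
               if is_expired(s, now, timeout, activity_timeout)]
    for sid in expired:
        del store[sid]
    return expired

if __name__ == "__main__":
    store = {}
    open_session(store, Session("sid-a", "alice", "192.0.2.10", 0, 0), True)
    gone = open_session(store, Session("sid-b", "alice", "192.0.2.20", 100, 100), True)
    print("destroyed:", [s.sid for s in gone], "kept:", list(store))
```

Because the older session is the one removed, anyone who can authenticate as a user can evict that user's existing session, which is why showing deleted sessions at authentication is useful to the legitimate user.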