Session Limit and limit concurrent user logins

Hello to the community,
Are there tools or plugins that work with Plone 5 for:

  • limit connection time(Session Limit Plugin for exemple)
  • Limit concurrent user logins in Plone 5

As regards theSession Limit , it seems to me that "plone.session" can do the trick but it has some downsides.
If so, can it be installed via the buildout or can we only use the package
"Plone.session" with pip install plone.session?
In advance, I thank you for your help.

You can change the connection timeout without any plugins from the ZMI:

/your_plone_site_id/acl_users/session/manage_propertiesForm

--> Cookie validity timeout

and/or

--> Refresh interval

1 Like

You can use stick tables in haproxy if you use that to count number of logged in users to website and start denying them if there are too many.
Plone records login times so a plugin that compares how many logged in recently in order to deny a login would not be hard but I haven't seen such a plugin. It could be an additional feature to https://github.com/collective/Products.LoginLockout if you want to add it. I recently added denying logins based on src IP range.

1 Like

Thanks for the information.
I will look closely to use it.
This seems a priori simple to implement.

Thank you for informatioon and sugestions.
I tried to look closely at haproxy.
It seems to me a heavy to implement especially Windows and for my needs rather simple? I will try to watch it again.
Besides, it seems that the link that you propose to me does not work.
Thanks again.

Sure. I'm saying that to my knowledge there is no out of the box solution for you so you will have to do some work to achieve the what you are after. It's not a common request to want to limit the number of simulataneous users since normally you just setup a server with enough capacity to handle the number of requests and logged in requests are something that plone handles fine normally.

A note about haproxy. If you intend to run a server that can handle more than a small amount of traffic then you will need some load balancer as Zope/Plone does not come with one builtin. I'm not sure what you were intending to use but haproxy is the most common choice among plone administrators. I recently implemented a similar usecase to prevent single users using up too many resources for a multi-site platform in Plone. I did this using stick tables and will put this into production soon. It's a few lines in your haproxy config. But if you aren't using haproxy then I'd look at what your load balancer might offer in terms of similar functionality. Getting Plone to do the same thing will require a lot of writes to the database which would have performance impacts.

Hello Dylan and the whole community.
Thank you for your explanations and your help.
I realize through your answer that I did not specify what I wanted.
Indeed, it is not a question of limiting the number of people who connect to the site in general.
Rather, it's about setting up, a solution to enforce only one simultaneous login per authenticated user in Plone.
I think that such a solution existed before Plone 4: "Products.NoDuplicateLogin".
But it does not work since plone 4, let alone with plone 5.
The goal is to avoid that with a single login and password we can have multiple simultaneous connections under plone 5.
Thank you again for all the time you take to explain me.

Plone Foundation Code of Conduct