Maximum Concurrent Login Sessions

This feature prevents having more than a configurable number of concurrent sessions. Default value is set to 0, which means the concurrent session check is bypassed. Additional logins are prevented if the maximum concurrent session count has been reached. Beyond this, the user can choose to login using shell --clear-sessions which will invalidate all the active sessions.

The administrator controls this feature via Avi Vantage’s CLI or REST API. The setting for it is maintained within the UserAccountProfile object. By default, all the users in the system are attached to “Default-User-Account-Profile,” as shown below. If required, the admin can create a new user account profile with different thresholds.
admin:10-10-24-52]: > show useraccountprofile Default-User-Account-Profile
+-------------------------------+---------------------------------------------------------+
| Field | Value |
+-------------------------------+---------------------------------------------------------+
| uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 |
| name | Default-User-Account-Profile |
| max_password_history_count | 0 |
| max_login_failure_count | 20 |
| account_lock_timeout | 30 |
| max_concurrent_sessions | 0 |
| credentials_timeout_threshold | 0 |
+-------------------------------+---------------------------------------------------------+
To change the maximum number of concurrent sessions:
[admin:10-10-24-52]: > configure useraccountprofile Default-User-Account-Profile
Updating an existing object. Currently, the object is:
[admin:10-10-24-52]: useraccountprofile> max_concurrent_sessions 5
Overwriting the previously entered value for max_concurrent_sessions
[admin:10-10-24-52]: useraccountprofile> save
+-------------------------------+---------------------------------------------------------+
| Field | Value |
+-------------------------------+---------------------------------------------------------+
| uuid | useraccountprofile-6753548e-7ac5-4601-939b-ad4394405db4 |
| name | Default-User-Account-Profile |
| max_password_history_count | 0 |
| max_login_failure_count | 20 |
| account_lock_timeout | 30 |
| max_concurrent_sessions | 5 |
| credentials_timeout_threshold | 0 |
+-------------------------------+---------------------------------------------------------+

 

If the threshold has been reached, the user may choose to invalidate existing sessions using the --clear-sessions option of the shell command:
root@10-10-24-52:/home/admin# shell
Login: admin
Password:

WARNING: Maximum concurrent session count has been reached. Please clear the sessions using shell –clear-sessions

root@10-10-24-52:/home/admin/# shell –clear-sessions Login: admin Password: [admin:10-10-24-52]: >

Such sessions “feel” their invalidation one of several ways:

  • The user’s UI session(s) end and a login screen is presented.
  • The user’s CLI sessions will end, but with no indication on-screen of such. The next command typed will silently trigger the re-validation of a new CLI session and the command will be executed.
  • A REST API user’s next API call will fail to validate. Or, if the REST API user is executing calls within a session, the session is ended.

Updated: 2018-01-19 07:13:16 +0000