Loggedin – Limit Concurrent Sessions

PMF

Where can I find the settings for Loggedin?

You can find the plugin settings by navigating to Users > Loggedin in your WordPress admin dashboard.

What are the available login logic options?

Currently, the plugin offers three built-in login logic options:

• Logout Oldest: When a user reaches the login limit, their oldest active session will be automatically terminated to allow for the new login.
• Logout All: All other active sessions for the user will be logged out when a new session is started.
• Block New: The new login attempt will be blocked if the user has already reached the maximum number of active sessions.

Additional logic options can be added using third-party plugins or custom code. For more details, see our documentation here.

How long does a login session last?

The duration of a login session is determined by WordPress’s default settings.

• If the “Remember Me” box is checked during login, the session will last for 14 days.
• If the “Remember Me” box is not checked, the session will last for 2 days.

You can customize this duration using the auth_cookie_expiration filter. Here’s an example of how to set the session to one month:

function custom_auth_cookie_expiration( $expire ) {
    return MONTH_IN_SECONDS; // Sets the session to one month
}

add_filter( 'auth_cookie_expiration', 'custom_auth_cookie_expiration' );

What if a user has reached the login limit but doesn’t know which devices are active?

Administrators can forcefully log a user out of all their active sessions from the dashboard.

1. Find the user’s WordPress ID.
2. Go to Users > Loggedin in your WordPress admin panel.
3. Navigate to the Manage Sessions section.
4. Enter the user ID and click the Force Logout button to end all of their active sessions.

Can I bypass the login limit for specific users or roles?

Yes, you can bypass the limit for certain users or roles by adding a few lines of code to your theme’s functions.php file or a custom plugin.

To bypass specific user IDs, use the following code:

function loggedin_bypass_users( $bypass, $user_id ) {
    // Add the user IDs you want to bypass to this array.
    $allowed_users = array( 1, 2, 3, 4, 5 );
    return in_array( $user_id, $allowed_users );
}

add_filter( 'loggedin_bypass', 'loggedin_bypass_users', 10, 2 );

To bypass specific user roles, use this code:

function loggedin_bypass_roles( $prevent, $user_id ) {
    // Add the roles you want to bypass to this array.
    $allowed_roles = array( 'administrator', 'editor' );
    $user = get_user_by( 'id', $user_id );
    $roles = ! empty( $user->roles ) ? $user->roles : array();
    return ! empty( array_intersect( $roles, $allowed_roles ) );
}

add_filter( 'loggedin_bypass', 'loggedin_bypass_roles', 10, 2 );