Disabling Concurrent Logon Sessions

The default behavior for the SAS Logon Manager and the other SAS Web applications is to permit multiple logon sessions. However, it is possible to configure an advanced middle-tier security policy to prevent multiple logon sessions. When this policy is active, users can log on to one SAS Web application at a time. When users use the Log Off link that is provided in the application banner, the logon session is destroyed, and users can log on to a SAS Web application again.

To disable concurrent logon sessions, follow these steps:

Log on to SAS Management Console.
On the Plug-ins tab, select Application ManagementConfiguration Manager, right-click SAS Application Infrastructure, and select Properties.
In the SAS Application Infrastructure Properties dialog box, click the Advanced tab.
Click Add to define a new property.
Enter Policy.DisableConcurrentUserLogins in the Property Name. Enter true in the Property Value field.
Click OK.

Settings are not applied and made active automatically. You must restart the SAS Web Infrastructure Platform Services or the Web application server.

When this setting is enabled, each logon session is recorded and cached. When an additional request to log on is made, the existing session is found and the logon request is rejected. Sessions are removed from this cache in one of the following ways:

The user logs off the SAS Web application using the Log Off link in the application banner.
The user session times out.
The user session is terminated by an administrator that uses the SAS Web Administration Console to Force Log Off the user.

If a user closes a Web browser, the session persists (and prevents subsequent log on attempts) until the session times out or an administrator forces a logoff with the SAS Web Administration Console.