Concurrent Session Restrictor
Secure your Odoo environment, prevent credential sharing, and ensure subscription compliance by restricting concurrent logins per user.
Take control of user session security and unauthorized credential sharing
Allowing users to have multiple active sessions concurrently poses a significant security threat. Employees frequently share credentials (usernames and passwords), leading to inaccurate audit trails and making it impossible to identify which individual performed a specific action in your database. Additionally, concurrent sessions can lead to subscription compliance issues when multiple people share a single Odoo user license.
The **Concurrent Session Restrictor** resolves this by enforcing a strict single-session policy. By default, logging in from a new device or browser will automatically and securely terminate all other active sessions for that user.
With this automated security control, you safeguard your business intelligence, improve traceability, and protect your ERP's integrity while maintaining compliance with subscription policies.
Security & Compliance Scenarios
- Prevent Credential Sharing: Block multiple employees from using the same user account concurrently, encouraging correct login hygiene.
- Audit Trail Integrity: Guarantee that every action logged in the system corresponds to a single, unique user on a single active device.
- Exempt Superusers: Easily allow administrators, system integrations, or kiosk terminals to maintain multiple sessions concurrently.
- License Compliance: Automatically enforce the "one user, one license" policy in your Odoo ecosystem to align with software agreement rules.
Key Module Capabilities
Enforce robust session limitations with native Odoo 18 security controls.
Single Session Enforcement
Forces a single active login per user by default, immediately identifying and blocking simultaneous logins.
Auto-Revocation of Sessions
Instantly terminates and signs out older active sessions on any previous browsers or devices when a new login is detected.
Per-User Exemptions
Grant specific users or integration service accounts the ability to maintain multiple sessions concurrently using a simple toggle.
Native Device Log Extends
Built as a direct extension to Odoo 18's device tracking model (`res.device.log`), minimizing custom database overhead.
Silent Revocation Bypass
Revocation executes programmatically without prompting administrators for passcodes, ensuring smooth, automated background processing.
Enhanced Security Compliance
Assists your organization in passing security audits by preventing anonymous login sharing and establishing clear traceability.
Behind-The-Scenes Revocation Logic
The module intercepts session registration to guarantee correct execution of security boundaries:
- Session Hook: Extends the `_update_device` method, catching new login requests and validating the active session identifier.
- Transactional Integrity: Automatically manages read/write cursor states. When Odoo triggers `_update_device` inside a readonly transaction, the module opens a safe writable database cursor to perform session revocations securely.
- Immediate Revocation: Revokes previous session records directly from Odooâs `res.device` and instantly flushes model updates so other logins reflect the status immediately.
Centralized Session Controls
Administrators can configure exclusions within Odoo's native settings views:
- Per-User Session Security: Enable the "Allow Multiple Active Sessions" checkbox under the User profile setting to exempt specific individuals.
- Account Security Integration: Placed natively within Odoo's base security view structure for quick administration.
- Compliance Audits: Keep track of active logins and revoked status transparently using Odoo's device settings list.
Interface Preview
Per-User Settings
Configure the 'Allow Multiple Active Sessions' override directly on the user's Odoo Account Security tab.
Active Session Log
View and monitor user devices, active logins, and revoked sessions inside Odoo's device manager.
Quick Setup Guide
1. Install
Place the Concurrent Session Restrictor module in your addons path and install via Odoo Apps.
2. Auto-Restricts
By default, all user accounts are restricted to one active session. Extra logins instantly revoke old ones.
3. Configure Exclusions
Check 'Allow Multiple Active Sessions' on any User profile if they require concurrent logins.
4. Monitor Device logs
Administrators can review system access logs and revocation traces in Settings -> Users -> Devices.
Need custom Odoo security, compliance, or workflow support?
ADream Innovations provides premium consulting, engineering, and support services for Odoo environments. We help organizations optimize their operations through custom Odoo Development, targeted Odoo Customization, and end-to-end Odoo Implementation setups. Our team integrates systems via custom API Integrations and automates routine workflows.
If you need an expert ERP Consulting partner to audit your access controls, session security, or require reliable, Long-Term Odoo Support, contact us today to discuss how we can assist.
Developed by ADream Innovations under standard LGPL-3 licensing. For software updates, security audits, or consulting inquiries, contact us.
Email: info@adream-innovation.odoo.com
Website: https://adreaminnovations.odoo.com
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Lines of code | 55 |
| Technical Name |
ad_concurrent_session_restrict |
| License | LGPL-3 |
| Website | https://adreaminnovations.odoo.com |
Please log in to comment on this module