Overview

This module enhances Odoo security by enforcing a single active login session per user. When a user logs in from a new browser or device, any previously active session is automatically terminated. This prevents credential sharing and unauthorized parallel system access. It also provides a configurable bypass option that allows selected users to maintain multiple active sessions when required.

Key Features

• Enforce single active session per user
• Automatic logout of previous sessions on new login
• Prevents concurrent logins and credential sharing
• Lightweight and secure authentication control
• Boolean-based bypass configuration
• Compatible with Community and Enterprise editions

Configuration

After installation, configure session control directly from the user form:

• Go to Settings >> Users & Companies >> Users
• Open the desired user record
• Navigate to the Access Rights tab
• Locate the field Allow Multiple Sessions

• Checked >> Bypass enabled (multiple sessions allowed)
• Unchecked >> Single session enforced

No additional setup or technical configuration is required.

How It Works

Active Session in First Browser

A user logs into Odoo from the first browser and continues working normally inside the system. The session remains active while the user performs operations within the platform.

Second Login from Another Browser

The same user logs in from a second browser or device using identical credentials. The system allows the login but simultaneously checks for any existing active sessions linked to that user.

Previous Session Expired

As soon as the second login is confirmed, the earlier session is automatically terminated. The first browser displays a session expiration message notifying the user that their session has ended and the page is about to refresh.

Redirected to Login Screen

After termination, the first session is redirected to the login page, requiring the user to authenticate again. At this stage, only the latest session (second browser) remains active in the system.

Bypass Functionality

If the user is assigned the Allow Multiple Sessions access right, the behavior changes.When the same user logs in from another browser or device, the system detects the access permission and skips session termination. Both sessions remain active at the same time without interruption.

Where to give Access

This access can be assigned from the User configuration screen:

Path: Settings → Users & Companies >> Users >> Access Rights tab

Under the access rights sections, enable: Allow Multiple Sessions

Once this access is granted, the user will be exempted from the single-session restriction and can maintain multiple active logins.