[FEATURE] Enable Single Session for User safety #2206
Description
Describe the feature
Implement a Single Session per User enforcement. Currently, multiple users can log in simultaneously using the same credentials. This feature ensures only one active session is allowed per account.
This is a critical safety requirement for industrial environments. It prevents accidental commands from secondary devices that could endanger the physical integrity of operators working on the machinery.
Describe the solution you'd like
- Settings: Add a "Single Session" toggle in the system settings with a secondary option to define the Enforcement Mode:
1.1 Kick Previous: Logging in from a new device automatically invalidates the existing session.
1.2 Block New: If a session is already active, any new login attempts are rejected until the first user logs out. - Logic: The server must track active userIds and their associated tokens/sockets.
- Action: * In Kick Mode: The previous user is redirected to the login page with the message: "Session closed: logged in from another device."
3.1 In Block Mode: The new user receives an error: "Login failed: An active session already exists for this account."
Additional context
There is a similar request from 3 years ago:
#1020