Hi,

Based on a new feature request about Horizon's login session,

we would like to know if you're open to considering the

improvement described below. If that is the case, we can submit a

spec and upstream that implementation when the feature is done.

Currently, a specific user is able to create multiple login sessions

in Horizon, allowing him to log in to Horizon from multiple

browsers/devices at the same time.

The proposal is to have a parameterized solution and have a

configuration to control how Horizon's login sessions are handled,

the configuration options would be as below:

1 - Default option, allow the user to create multiple login sessions

 - this is the current behavior;

2 - Block subsequent login attempts if the user already has an

active session;

3 - Invalidate the active session (if there is one) when the user

creates a new one.

Option number 2 obligates the user to log out of the system before

opening a new one, on the other hand, in option number 3, the

Horizon application is in charge of invalidating any previous active

session and keeping only the latest one.

This solution targets only Horizon login sessions, not affecting

other kinds of sessions (e.g.: CLI).