Session Limit allows administrators to limit the number of simultaneous sessions per user.

Max session is configurable, no database tables needed.

By default, a session is created for each browser that a user uses to log in. This module will force the user to log out any extra sessions after they exceed the administrator-defined maximum.

Assuming the session limit is 1, if a user is logged in to a Drupal site from their work computer and they log in from their home computer, they would be forced to either log off the work computer session, or abort their new login from home.

Try it out on


  • On login, logout the oldest session without prompting (optional)
  • At login, prevent login if existing session exists elsewhere (optional)
  • Notify old session about disconnect
  • Configure any number of max allowed sessions
  • Configure session limiting exclusions by role
  • Configure session limiting exclusions by user
  • New user session prompted to select which session to disconnect
  • Implements hook on collision
  • Implements hook on disconnect
  • Implements triggers and compatible with rules
  • Integrates with token module
  • Disregard Masqueraded user sessions in max session counter (optional)

Other recommended modules

  • Autologout - For limiting the length of time a user's session can last.
  • Password Policy - For enforcing password length, complexity and renewal.
  • Ejector seat - For periodically checking if a user has been logged out and then reloading the page they are on so they know they need to login before proceeding


This project is sponsored by Deeson.
We’re growing our distributed team in the UK & Europe - talk to us.

Supporting organizations: 

Project Information