powered by Jive Software

Not to allow one user to login multiple times

Hi All,

I was searching for any configuration under openfire which could disable a login attempt by a user in case a session is already active for the same user i.e., the user is logged in either from same machine or different one. All i could find was resource policy of kick out, however for I don’t think resource id is same as a username, because each time i log in with the same username it provide a different unique resource id which resembles the format username@servername/unique id.

Can anyone please guide me in the right direction on disabling login for a user in case the user is already logged in either from same machine or some other machine.


Pawan Rai

It must be that your client that you use generates some random resource id every time you login. If you set it to a permanent value and then try to login with the same resource id from the other computer (or the same) it should kick the older session (if this is the policy conflict option). There is no way to make one username to login only from one location if resources are different. This is how jabber/xmpp operates.

Thanks wroot,

I’d be grateful if you could help me out a littler further. I tried checking the jid and it was the sid part in strophe.js that is getting appended to the userid in the format username@domain/sid to form the resource id, however after thorough scrutinization i was unable to find a place in strophe.js from where sid was getting initiated from client side.

I am assuming setting sid to a the same value for all the users will make any user login once only.

Best Regards

Pawan Rai

I’m not familiar with the strophe. If you can make all users to use the same resource/sid, then you can restrict them to only one login with one username.

I have recently been trying to figure out how to accomplish this same thing. My clients are only connecting from Pidgin and Adium. But people are figuring out they can use mobile IM clients like IM+, and Trilllian to login. They tend to forget that its logged in and messages are only sent to one resource or the other, so they are missing messages. There might also be a bug ont the mobile side after killing the app the account does not get disconnected. I have the server set to kick logins on the same resourse, but im trying to restrict the same username from logging in more then 1 time.