Is there any extension, code someone can share, or built in functionality to disable people from using the same user account concurrently? I can build something based on IP Address and User-Agent but it would be great if there was something already developed.
When I did it, I did the following:
I saved in database in the table user the actual sessionId and an expire time (20 minutes for me since the last request).
In the before request I refresh the expire time, in logout you delete the sessionId and the expire time, in login you check if there is a sessionId not expired give the error like "This account is already in use, give us more money for more concurrent access"