[Breaking change]: User accounts will be prevented from creating simultaneous sessions by default in Umbraco 13

[elit0451]

Description

Umbraco 12.3 introduced a new configuration setting to limit concurrent logins (umbraco/Umbraco-CMS#14967). Umbraco:CMS:Security:AllowConcurrentLogins default value will be changed to false in Umbraco 13 as per umbraco/Umbraco-CMS#14989. This will prevent a user account from creating simultaneous sessions by default, meaning that only 1 session is allowed to be active at a time. This setting can always be set to true to not invalidate other active user sessions.

More info: umbraco/UmbracoDocs#5523

Version

Umbraco 13

Previous behavior

The value of Umbraco:CMS:Security:AllowConcurrentLogins was true for existing projects but false for new projects, so the new config setting didn't break existing functionality.

New behavior

The default value of Umbraco:CMS:Security:AllowConcurrentLogins will change to false.

Type of breaking change

• Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
• Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.
• Behaviour breaking

Reason for change

To have a more secure behaviour by default.

Recommended action

If concurrent logins are necessary, change the value of Umbraco:CMS:Security:AllowConcurrentLogins to true.

Affected APIs

None