Add active session tracking

Adds a flag for a maximum number of user sessions, as well as an
authentication check to ensure that the user is not above this level.

1 files changed, 13 insertions, 0 deletions

diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index e42d47853..5903d395a 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1484,6 +1484,19 @@ namespace Emby.Server.Implementations.Session
                 throw new SecurityException("User is not allowed access from this device.");
             }
 
+            var sessionsCount = Sessions.Where(i => string.Equals(i.UserId, user.Id)).ToList().Count;
+            int maxActiveSessions = user.MaxActiveSessions;
+            _logger.LogDebug("Current/Max sessions for user {User}: {Sessions}/{Max}", user.Username, sessionsCount, maxActiveSessions);
+            if (maxActiveSessions >= 0 && sessionsCount >= maxActiveSessions)
+            {
+                throw new SecurityException(
+                    "User {User} is at their maximum number of sessions ({Sessions}/{Max}).",
+                    user.Username,
+                    sessionsCount,
+                    maxActiveSessions
+                )
+            }
+
             var token = GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName);
 
             var session = LogSessionActivity(