From 5a7dda337f4cdda0d0c61adef3d2b13772e708d0 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 4 Oct 2020 11:50:00 -0400
Subject: Add active session tracking

Adds a flag for a maximum number of user sessions, as well as an
authentication check to ensure that the user is not above this level.
---
 Emby.Server.Implementations/Session/SessionManager.cs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'Emby.Server.Implementations/Session/SessionManager.cs')

diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index e42d47853..5903d395a 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1484,6 +1484,19 @@ namespace Emby.Server.Implementations.Session
                 throw new SecurityException("User is not allowed access from this device.");
             }
 
+            var sessionsCount = Sessions.Where(i => string.Equals(i.UserId, user.Id)).ToList().Count;
+            int maxActiveSessions = user.MaxActiveSessions;
+            _logger.LogDebug("Current/Max sessions for user {User}: {Sessions}/{Max}", user.Username, sessionsCount, maxActiveSessions);
+            if (maxActiveSessions >= 0 && sessionsCount >= maxActiveSessions)
+            {
+                throw new SecurityException(
+                    "User {User} is at their maximum number of sessions ({Sessions}/{Max}).",
+                    user.Username,
+                    sessionsCount,
+                    maxActiveSessions
+                )
+            }
+
             var token = GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName);
 
             var session = LogSessionActivity(
-- 
cgit v1.2.3