Limit amout of sessions on user-by-user basis?

One user account per person would definitely be easier, but I think you could kind of get this done by playing with the user sessions, which are stored as user_meta with the session_tokens key. Something along these lines maybe.

add_action('template_redirect', 'check_max_num_sessions');
function check_max_num_sessions() {
    // Only check for logged in users
    if ( is_user_logged_in() ) {
        $current_user_id = get_current_user_id();

        // Get user sessions from user_meta
        $user_sessions = user_sessions($current_user_id);

        // Count sessions
        $ongoing_sessions = count_ongoing_sessions(
            $user_sessions
        );

        // Get max num of allowed sessions
        $max_sessions = max_num_sessions(
            $current_user_id
        );

        // Check, if limit exceeded
        if ( $ongoing_sessions > $max_sessions ) {

            // Destroy latest session
            destroy_latest_user_session(
                $current_user_id,
                $user_sessions
            );

            // Or destroy the current session, which may or may not be the latest
            // $session_manager = WP_Session_Tokens::get_instance(
            //  $current_user_id
            // );
            // $session_manager->destroy(
            //  wp_get_session_token()
            // );

            // Redirect user to an error page?
            // wp_redirect(
            //  max_num_sessions_error_page(),
            //  302
            // );
            // exit;
        }
    }

}

function user_sessions(int $user_id) {
    $meta = get_user_meta( $user_id, 'session_tokens', true );
    return is_array($meta) ? $meta : array();
}

function destroy_latest_user_session(int $user_id, array $sessions) {
    array_pop(
        $sessions
    );
    return update_user_meta( $user_id, 'session_tokens', $sessions );
}

function count_ongoing_sessions( array $sessions ) {
    // Time to compare sessions against
    $now = current_time('timestamp');
    // Session counter
    $ongoing_sessions = 0;
    /**
        * Loop current user's sessions
        *
        * @var array $session
        * expiration int timestamp
        * ip string
        * ua (user agent) string
        * login int timestamp
        */
    foreach ($sessions as $session) {
        // Skip expired sessions
        if ( $session['expiration'] < $now ) {
            continue;
        }
        // maybe some user agent checking here, if needed
        // code..
        // Increment counter
        $ongoing_sessions++;
    }
    return $ongoing_sessions;
}

function max_num_sessions( int $user_id ) {
    // Get from database?
    return 15;
}

function max_num_sessions_error_page() {
    return 'http://example.com';
}

I didn’t see a direct way to destroy latest session with WP_Session_Tokens. That’s why I’m getting and updating the meta directly.

There probably should be a redirect after kicking the latest session, because the user will seem to be logged in, after the session meta has been updated, until the user navigates to another page or refreshes the current page and WP checks again the user’s login status.

Related Posts:

  1. Limiting the number of users
  2. If the current user is an administrator or editor
  3. How do I add a field on the Users profile? For example, country, age etc
  4. user_login vs. user_nicename
  5. WordPress usermeta scaling for thousands of users
  6. Groups of capabilities: users with multiple roles?
  7. Is there a way to merge two users?
  8. Execute a function when admin changes the user role
  9. Best way to send users password?
  10. Why are user address fields required [closed]
  11. Importing users? From another wordpress site
  12. How to discover and delete unused accounts?
  13. Multi-steps WordPress registration : in 4 steps how to?
  14. Allow guests to save favourite pages?
  15. Basic auth WordPress REST API dilemma
  16. Remove all users from site except one using WP CLI
  17. security+best practices: root or www-data on a wordpress content folder?
  18. Show Biographical Info while creating new user
  19. How to enable the theme editor cap for an editor role?
  20. WordPress keeps asking for connection information in localhost
  21. User File Upload Repository?
  22. How to get user ID during registration and add it to a custom table
  23. How do I properly format the user_role array?
  24. How can I secure a WordPress blog using OpenID from a single provider?
  25. How to edit user_id on the comment edit screen
  26. Redirect after login based on user role (custom login page)
  27. get_users() ORDER BY Not Working
  28. Can I create users that have access to *some* other users posts instead of all other users posts?
  29. Total Word Count For Posts And Comments By One Author
  30. Delete user from frontend
  31. Tagging users in WordPress
  32. Share user table from WP with Drupal
  33. How can I display show/hide elements when user is registered?
  34. How can I allow password reset based on logins containing the @ character?
  35. WordPress User getting added with id of 0
  36. Log all users out of all locations after 24 hours
  37. Register new user in the frontend
  38. Force logout ALL users at a certain time
  39. add_cap not working with Shop Manager role
  40. User Last Login Sort Column
  41. get_users() timeout on big userbase — options to divide query?
  42. Plugin for limiting user registration based on ip with expiry period?
  43. How would I hook into `clear_auth_cookie` to return the user’s ID that’s currently being logged out?
  44. How to disable a specific page for a specific user
  45. How to change textarea rows height for user’s biographical Info?
  46. Getting author page slug from get_users() or get_userdata() functions
  47. WP_User_Query by meta_value with Number returns nothing
  48. How to add user from front end
  49. Rewrite Rules and Login Issue
  50. I am getting mysql_real_escape_string() function error while adding user?
  51. User profile updates password even if not filled (Theme my login) in Firefox? [closed]
  52. Preventing auto-filling of e-mail addresses on profile.php
  53. Getting the age of a users account
  54. Prevent subscribers to changing certain profile fields
  55. New user form rejected because “passwords don’t match”—but there’s only one password field
  56. Unable to change email address of admin on localhost
  57. “the_author_meta(‘url’)” not working inside “href”
  58. REST API: wp_get_current_user not working on second call
  59. How do I filter users based on email address?
  60. What’s the correct way to add capabilites to user roles?
  61. Web app vs CMS backend
  62. User roles not displaying
  63. Allow admins to login as other users
  64. Should I setup frontend-only users as CPT or use a plug-in?
  65. How to expire user registration?
  66. Delete a user from frontend
  67. Echo a list of all subscriber’s user IDs
  68. wp_delete_user – huge overhead in Buddypress?
  69. Get current logged-in user from external site
  70. Delete all users with Editor role and their content mysql
  71. Send user auto generated password on different email
  72. Show posts who published after registration date
  73. How to hide “Change role to” dropdown on Users admin menu
  74. Get UserInfo from WordPress
  75. How to display a calendar with events depending on the user?
  76. How can i display pagination in custom comment list?
  77. hide page menu from admin panel for specific users
  78. Single Sign On (SSO) between two WordPress websites
  79. get user id in a plugin without a function
  80. $user_login is not working if author has only 1 post
  81. REST_query_vars for users
  82. How to use a transient inside WP_User_Query
  83. Allowing users to edit only their page and nobody else’s
  84. How to bulk change user role to “No role for this site”
  85. Showing extra profile fields in admin – problem with underscore
  86. Add an ‘edit profile’ page with Genesis
  87. Exclude Current user email and send notification
  88. Insert query not working for non-logged in user
  89. User management missing after migration to new host
  90. Add new user and user bio at same time
  91. How to create a link to a user’s profile page
  92. Validate user meta and redirect
  93. Let admin users edit member profiles from front end
  94. Storing additional information about the user
  95. Current User Seeing Another Logged In User Info
  96. What techniques can a user employ to achieve a password rated “strong” in the WordPress password checker
  97. New User Registration email
  98. determine active user browser at the same time
  99. get Discussion setting in wordpress
  100. Set a minimal number for next user_id