Issue with multiple roles

[ShamiraO]

Hi, When a user have multiple roles, Sessions plugin only recognized the weakest role. If the new role allow more active sessions to an user the plugin will always choosed the smaller role unless it's an admin role. Even if the setting "cumulative privileges" is selected.

Is there a way to for Session to choose the strongest role ?

As you can see on the screenshots, the user "maureen" is an ''abonnée" and a "premium" user in wordpress role manager but in Session she is just an "abonnée" so she doesn't benefits from the ability to log multiple times.

• PHP version: 7.4.23
• WordPress version : Version 5.8.1
• Other info: The session "premium" has been created with the plugin "members" but the issue is occuring on native wordpress roles.

Thank you in advance for your support. Shamira

[Pierre-Lannoy]

Hello Shamira! Thank you for reporting it. First of all, know the display of roles in "tools" section is just... a display. For now, it displays only the "main" role (i.e. the standard role) even if the user have many roles. And it's only a "display": in the sessions limiter engine, all roles are taken into account. It was initially done like that because the space to display role was limited. As it is no longer the case, all role will be displayed in the next version - thanks for this wonderful suggestion. 👍🏼 Now, the real issue: there's no "weakest" or "strongest" roles... There's just "different" roles. To allow me to see where the issue come from, could you attach to this issue:

• the content of Site Info (in Tools > Site Health > Info) - the "Sessions" section is quite fine
• a screenshot of the user's profile (the "Session Management" section) like in the screenshot I attach.

Thank you

Example:

[ShamiraO]

Hi Pierre, Thank you for your quick response. Here is the screenshot for the user "maureen" session management. I am also adding the screenshot for an user who only have the "premium role".

[Pierre-Lannoy]

Oups, seems something strange... Could you copy/paste the content of the "Session" section found in Site Info (in Tools > Site Health > Info)?

Thanks.

[ShamiraO]

Here it is...

[Site Option] version	2.4.0
[Site Option] use_cdn	0
[Site Option] download_favicons	0
[Site Option] script_in_footer	0
[Site Option] display_nag	0
[Site Option] analytics	1
[Site Option] forceip	1
[Site Option] followip	1
[Site Option] history	30
[Site Option] metrics	0
[Site Option] rolemode	0
[Site Option] zk_cycle	90
[Site Option] zk_tsize	20
[Site Option] zk_semaphore	300
[Site Option] buffer_limit	4000
[Site Option] bad_ip_message
[Site Option] blocked_message
[Site Option] administrator:limit	none
[Site Option] administrator:maxip	0
[Site Option] administrator:method	block
[Site Option] administrator:idle	0
[Site Option] administrator:block	none
[Site Option] administrator:cookie-ttl	48
[Site Option] administrator:cookie-rttl	336
[Site Option] editor:limit	none
[Site Option] editor:maxip	0
[Site Option] editor:method	block
[Site Option] editor:idle	0
[Site Option] editor:block	none
[Site Option] editor:cookie-ttl	48
[Site Option] editor:cookie-rttl	336
[Site Option] author:limit	none
[Site Option] author:maxip	0
[Site Option] author:method	block
[Site Option] author:idle	0
[Site Option] author:block	none
[Site Option] author:cookie-ttl	48
[Site Option] author:cookie-rttl	336
[Site Option] contributor:limit	none
[Site Option] contributor:maxip	0
[Site Option] contributor:method	block
[Site Option] contributor:idle	0
[Site Option] contributor:block	none
[Site Option] contributor:cookie-ttl	48
[Site Option] contributor:cookie-rttl	336
[Site Option] subscriber:limit	user-1
[Site Option] subscriber:maxip	0
[Site Option] subscriber:method	override
[Site Option] subscriber:idle	12
[Site Option] subscriber:block	none
[Site Option] subscriber:cookie-ttl	48
[Site Option] subscriber:cookie-rttl	336
[Site Option] group_leader:limit	none
[Site Option] group_leader:maxip	0
[Site Option] group_leader:method	block
[Site Option] group_leader:idle	0
[Site Option] group_leader:block	none
[Site Option] group_leader:cookie-ttl	48
[Site Option] group_leader:cookie-rttl	336
[Site Option] customer:limit	user-1
[Site Option] customer:maxip	0
[Site Option] customer:method	override
[Site Option] customer:idle	12
[Site Option] customer:block	none
[Site Option] customer:cookie-ttl	48
[Site Option] customer:cookie-rttl	336
[Site Option] shop_manager:limit	none
[Site Option] shop_manager:maxip	0
[Site Option] shop_manager:method	block
[Site Option] shop_manager:idle	0
[Site Option] shop_manager:block	none
[Site Option] shop_manager:cookie-ttl	48
[Site Option] shop_manager:cookie-rttl	336
[Site Option] test:limit	none
[Site Option] test:maxip	4
[Site Option] test:method	block
[Site Option] test:idle	0
[Site Option] test:block	none
[Site Option] test:cookie-ttl	48
[Site Option] test:cookie-rttl	336
[Site Option] premium:limit	user-4
[Site Option] premium:maxip	0
[Site Option] premium:method	override
[Site Option] premium:idle	12
[Site Option] premium:block	none
[Site Option] premium:cookie-ttl	48
[Site Option] premium:cookie-rttl	336
[Site Option] premium_2:limit	none
[Site Option] premium_2:maxip	0
[Site Option] premium_2:method	block
[Site Option] premium_2:idle	0
[Site Option] premium_2:block	none
[Site Option] premium_2:cookie-ttl	48
[Site Option] premium_2:cookie-rttl	336
[Site Option] aba:limit	user-2
[Site Option] aba:maxip	0
[Site Option] aba:method	block
[Site Option] aba:idle	0
[Site Option] aba:block	none
[Site Option] aba:cookie-ttl	48
[Site Option] aba:cookie-rttl	336

[Pierre-Lannoy]

Hi Shamira and thank you so much for this complete bug report that allowed me to reproduce the issue. 👍🏼

You're definitely right, there's something wrong with the cumulative privileges... In some edge cases, the limiter engine is not doing its job correctly (and you are in one of these edge cases).

I will make a patch in the coming days to fix this issue (will be 2.4.1 version).

Thanks you so much for detecting (and reporting) it... You rock!

[Pierre-Lannoy]

Version 2.4.1 is released. It fixes this issue. Don't hesitate to reopen this issue if this is not the case.

Thanks again for all.