Prevent multiple users form authenticating with the same account

[hdodov]

Problem

We made the mistake of giving one panel user to multiple people, instead of making a separate user for everyone. This lead to editors overwriting their changes because content locking works on a per-user basis, and there's only one user.

While the problem is mostly ours, it'd be great if Kirby handled these cases. Even if we create multiple users, that doesn't prevent other people from giving their credentials to someone else, leading to the same problem.

Solution

Perhaps site/sessions should also store the user that is associated with a certain session and give the error:

Another person is currently using this account.

...whenever someone tries to authenticate with the same user.

---

Another solution is to make content locking work on a per-session basis, rather than per-user (or both), but I guess there are a lot of caveats there.

[lukasbestle]

but I guess there are a lot of caveats there.

That's exactly the problem. To be honest, I think this is something we can't fix. We have the feature of users and so it should be used for this purpose. Creating "users within users" would increase complexity by a lot.

[hdodov]

@lukasbestle yep, completely agree. And going by that same logic, one user should belong to one person only, i.e. only one person logged in at a certain time. As you said, Kirby has the feature of users and people should be encouraged to utilize it. 👍

[lukasbestle]

I have added a note to https://getkirby.com/docs/guide/users/managing-users.