umbraco / Announcements

Subscribe to this repo to be notified about major changes in Umbraco-CMS, Deploy and Forms

[Breaking change]: User accounts will be prevented from creating simultaneous sessions by default in Umbraco 13 #13

Open elit0451 opened 11 months ago

elit0451 commented 11 months ago

Description

Umbraco 12.3 introduced a new configuration setting to limit concurrent logins (https://github.com/umbraco/Umbraco-CMS/pull/14967). Umbraco:CMS:Security:AllowConcurrentLogins default value will be changed to false in Umbraco 13 as per https://github.com/umbraco/Umbraco-CMS/pull/14989. This will prevent a user account from creating simultaneous sessions by default, meaning that only 1 session is allowed to be active at a time. This setting can always be set to true to not invalidate other active user sessions.

More info: https://github.com/umbraco/UmbracoDocs/pull/5523

Version

Umbraco 13

Previous behavior

The value of Umbraco:CMS:Security:AllowConcurrentLogins was true for existing projects but false for new projects, so the new config setting didn't break existing functionality.

New behavior

The default value of Umbraco:CMS:Security:AllowConcurrentLogins will change to false.

Type of breaking change

Reason for change

To have a more secure behaviour by default.

Recommended action

If concurrent logins are necessary, change the value of Umbraco:CMS:Security:AllowConcurrentLogins to true.

Affected APIs

None
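
A pre-upgrade check for the change described above, as an added example that is not part of the original announcement or Umbraco's own code: it reports whether a project sets Umbraco:CMS:Security:AllowConcurrentLogins explicitly or relies on the default that changes in Umbraco 13. It assumes the default ASP.NET Core provider order (JSON files first, then environment variables with `__` in place of `:`); the function names and the sample JSON are constructed for illustration.

```python
import json

KEY = "Umbraco:CMS:Security:AllowConcurrentLogins"
DEFAULT_12_3 = True   # per the announcement: effective value for existing projects
DEFAULT_13 = False    # per the announcement: new default in Umbraco 13

# Constructed sample inputs (not taken from a real project)
LEGACY = '{"Umbraco": {"CMS": {"Global": {"Id": "placeholder"}}}}'
PINNED = '{"Umbraco": {"CMS": {"Security": {"AllowConcurrentLogins": true}}}}'

def flatten(node, prefix=""):
    """Flatten nested JSON into colon-delimited keys, lower-cased because
    ASP.NET Core configuration keys are case-insensitive."""
    out = {}
    for name, value in node.items():
        path = f"{prefix}:{name}" if prefix else name
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path.lower()] = value
    return out

def explicit_value(json_layers, environ):
    """Return the explicitly configured boolean, or None if nothing sets the key.
    Later JSON layers override earlier ones; environment variables win last."""
    found = None
    for text in json_layers:
        flat = flatten(json.loads(text))
        if KEY.lower() in flat:
            found = flat[KEY.lower()]
    env = {k.lower(): v for k, v in environ.items()}
    env_key = KEY.replace(":", "__").lower()
    if env_key in env:
        found = env[env_key]
    if found is None:
        return None
    return str(found).strip().lower() == "true"

def upgrade_impact(json_layers, environ):
    """Compare the effective value before and after the upgrade to Umbraco 13."""
    value = explicit_value(json_layers, environ)
    before = DEFAULT_12_3 if value is None else value
    after = DEFAULT_13 if value is None else value
    return {"explicit": value is not None, "before": before,
            "after": after, "changes": before != after}
```

A result with `changes` set to true means the project has no explicit value and will start invalidating other active sessions after the upgrade unless the setting is added.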