Table of Contents

Session limits - session limitation

Julia Walther Updated by Julia Walther

What is session limiting in web apps?

Session limiting is a security feature implemented in web apps to reduce the risk of unauthorized access to user accounts.

What is a session in a web app?

A "session" starts when you log in to a web app and usually ends when you log out. During a session, you are authenticated, which means you can access your account and its features without having to re-enter your password for every single action.

What does session limiting mean?

Session limiting means that the duration of a session is limited. After a certain amount of time or after a certain period of inactivity, the session is automatically terminated and you have to log in again to continue using the web app.

Furthermore, session limiting means that only a certain number of simultaneous logins are possible in the web app. When the maximum number of simultaneous logins is exceeded, the oldest login is logged out.

If you use multiple tabs in the same browser (tabs) and are logged into Sweap there, this is the same session. So you can open Sweap in several tabs and only one session will be created.

When are we talking about concurrent logins?

When you log in with the same user in another browser or on another device, a new session is started. These are then concurrent logins, which we limit.

Why are we introducing session limiting?

The purpose of introducing session limits is to improve the security of your data. If a session automatically ends after a certain amount of time, it reduces the risk of someone unauthorized accessing your account if you forget to log out or if your credentials are compromised.

If you are logged out of your session without your intervention, you, as an active user of Sweap, can detect misuse of your credentials and take countermeasures, such as changing your password.

How does session limiting affect my use of the web app?

In most cases, you will not notice session limiting. You will only be prompted to log in again when your session expires. This can happen after a certain period of inactivity or after a set total session duration.

What is the configuration for session limitation in Sweap?

The number of simultaneous logins is limited to 2 sessions in Sweap. We have chosen 2 sessions because we know the use case that our customers work with different browsers at the same time in order to check the display of web pages.

A session can expire in Sweap after two criteria:

  • Inactivity
  • Total duration of the session

An auto logout in case of inactivity occurs in Sweap after 2 hours. We have set the total duration of the session to 12 hours. So after 12 hours a session will be terminated in any case and you have to log in again to start a new session.

How does session limitation affect the use of the Sweap guest list app?

App users are exempt from the session limitation - you can therefore use the login for the check-in app simultaneously on multiple iPads / iPhones. When using the Sweap Guest List App, there is only an automatic logout, which you can customize in the app settings in your event. Signups for the app do not count as sessions for the web app.

How can I safely end my session?

You can securely end your session at any time by logging out of the web app. It is a good practice to always log out when you have completed your work in a web app. Especially for public or shared devices, a logout should always be part of the end of work.

If you have any questions about session limits, feel free to contact us in support.

More information about security with Sweap can be found here:

Questions about security & data protection

Privacy policy and GDPR

Data tracking with Sweap

How did we do?

Increasing security - introduction of Keycloak

Send your feedback about Sweap

Contact