One session per user in WordPress

One session per user in WordPress/BuddyPress site.

In the recent 4.1 update WordPress introduced session management classes/functions/hooks.You can locate the “Logout of all other sessions” button your user profile in WP admin panel, click this button and you’ll be logged out of all other sessions. Other sessions would mean that you logged in from another computer, mobile phone/app etc.

This is an important update not only in terms of security and privacy but it also adds considerable options to expand the native CMS functionality, as WordPress now tracks sessions of logged in users, collecting information.

In this post we’ll add few lines of code to enable single logged in session per user in a WordPress site. Simply add this code in your theme functions.php file :

add_filter( 'authenticate','one_session_per_user', 30, 3 );

function one_session_per_user( $user, $username, $password ) {
$sessions = WP_Session_Tokens::get_instance( $user->ID );
$all_sessions = $sessions->get_all();
if ( count($all_sessions) ) {
$user = new WP_Error(‘already_signed_in’, __(‘<strong>ERROR</strong>: User already logged in.’));
return $user;

Try it and share your feedback !

June 22, 2016

7 responses on "One session per user in WordPress"

  1. I tried adding this code to my themes function.php file and it broke the site. In Dreamweaver it says there is a syntax error on this line:

    $user = new WP_Error(‘already_signed_in’, __(‘ERROR: User already logged in.’));

    I’m afraid I don’t know any PHP to fix it!

    • Check the single quotes. Many times when you copy code the quotes change. Copy the code in a text editor and re-type all the single/double quotes.

  2. is there a way to have the function code email the admin that this has happened?

  3. 收藏了好文乙未年(羊)三月初五 2015-4-23

  4. do you think there is a way to edit this so that it does not do this with admin users?

  5. it was a secure method to create a login user

  6. For some reasons this is not working!!! Appreciate your suggestions on this

Leave a Reply

Template Design © VibeThemes. All rights reserved.

Privacy Preference Center


This cookie is set when you login to your account at VibeThemes. VibeThemes based on WordPress sets this cookie, which indicates when you're logged in, and who you are, for most interface use.

WordPress uses the two cookies to bypass the password entry portion of wp-login.php. If WordPress recognizes that you have valid, non-expired cookies, you go directly to the WordPress Administration interface. If you don't have the cookies, or they're expired, or in some other way invalid (like you edited them manually for some reason), WordPress will require you to log in again, in order to obtain new cookies.





When you comment on VibeThemes blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won't need to re-type all their information again when they want to leave another comment.
The commenter cookies are set to expire a little under one year from the time they're set.


%d bloggers like this: