<acronymtitle="LemonLDAP::NG">LL::NG</acronym> rely on a session mechanism with the session ID as a shared secret between the user (in <ahref="../../documentation/1.4/ssocookie.html"class="wikilink1"title="documentation:1.4:ssocookie">SSO cookie</a>) and the <ahref="../../documentation/1.4/start.html#sessions_databases"class="wikilink1"title="documentation:1.4:start">session database</a>.
<liclass="level1"><divclass="li"><strong>Store user password in session data</strong>: see <ahref="../../documentation/1.4/passwordstore.html"class="wikilink1"title="documentation:1.4:passwordstore">password store documentation</a>.</div>
<liclass="level1"><divclass="li"><strong>Sessions timeout</strong>: Maximum lifetime of a session. Old sessions are deleted by a cron script.</div>
</li>
<liclass="level1"><divclass="li"><strong>Sessions activity timeout</strong>: Maximum inactivity duration.</div>
</li>
</ul>
<p>
<p><divclass="notewarning">Session activity timeout requires Handlers to have a write access to sessions database.
</div></p>
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Opening conditions</strong>: rules which are evaluated before granting session. If a user does not comply with any condition, he is prompted a customized message. That message can contain session data as user attributes or macros. The conditions are checked in alphabetical order of comments.</div>
<liclass="level2"><divclass="li"><strong>One <acronymtitle="Internet Protocol">IP</acronym> only by user</strong>: a user can not open 2 sessions with different <acronymtitle="Internet Protocol">IP</acronym>.</div>
<liclass="level2"><divclass="li"><strong>One user by <acronymtitle="Internet Protocol">IP</acronym> address</strong>: 2 users can not open a session with the same <acronymtitle="Internet Protocol">IP</acronym>.</div>
</li>
<liclass="level2"><divclass="li"><strong>Display deleted sessions</strong>: display deleted sessions on authentication phase.</div>
</li>
<liclass="level2"><divclass="li"><strong>Display other sessions </strong>: display other sessions on authentication phase, with a link to delete them.</div>
</li>
</ul>
</li>
</ul>
<p>
<p><divclass="noteimportant">Note that since <acronymtitle="Hyper Text Transfer Protocol">HTTP</acronym> protocol is not connected, restrictions are not applied to the new session: the oldest are destroyed.