User Session Management feature allows you to better control user sessions on your WordPress site and expire idle sessions and prevent account sharing.
Let’s say you’re an administrator of a site, and you see that somehow, some way, someone else is logged into the site under your administrator username in another location – you can immediately take action against this. Without being able to see currently active sessions, you are blind. User sessions simply give you a view on to who is on your site and where they are.
User Session Management options explanations
Option: Session Timeout
This option helps you to specify how many days after login to automatically force re-login.
Note: WordPress default is 2 days, or 14 days if you check the "Remember Me" box.
This cannot be less than "1". Default: "2".
Option: Idle Timeout
This option helps you to specify how many hours after inactivity to automatically logout user.
Note: If the user is inactive for the number of hours specified, they will be forcefully logged out next time they return.
Set to "0" to turn off this option.
Option: Lock To Location
This option helps you to lock a user session to IP address.
Note: When selected, a session is restricted to the same IP address as when the user logged in. If a logged-in user's IP address changes, the session will be invalidated and they'll be forced to re-login to WordPress.
Option: Max Simultaneous Sessions
This option helps you to limit simultaneous sessions for the same username.
Note: The number provided here is the maximum number of simultaneous, distinct, sessions allowed for any given username.
Zero (0) will allow unlimited simultaneous sessions.
Note: You also have the ability to review user sessions.
For further reading on User Sessions, read the blog article here.