User Session Management feature allows you to better control user sessions on your WordPress site and expire idle sessions and prevent account sharing. 


Example


Let’s say you’re an administrator of a site, and you see that somehow, some way, someone else is logged into the site under your administrator username in another location – you can immediately take action against this.  Without being able to see currently active sessions, you are blind. User sessions simply give you a view on to who is on your site and where they are.

User Session Management options explanations

Option: Session Timeout

This option helps you to specify how many days after login to automatically force re-login. 


Note: WordPress default is 2 days, or 14 days if you check the "Remember Me" box.
This cannot be less than "1". Default: "2".


Option: Idle Timeout

This option helps you to specify how many hours after inactivity to automatically logout user.


If the user is inactive for the number of hours specified, they will be forcefully logged out next time they return.
Set to "0" to turn off this option.


Note: If the user has any browser activity whatsoever, this will affect their automatic logouts e.g. if they leave their browser window open and there are any background (AJAX) requests to the site, this will count as activity.


This is what users get when they:


Close the browser window of the site

Leave the browser window of the site opened and there's no a background requests to the site

Option: Lock To Location

This option helps you to lock a user session to IP address.


Note: When selected, a session is restricted to the same IP address as when the user logged in. If a logged-in user's IP address changes, the session will be invalidated and they'll be forced to re-login to WordPress.


Option: Max Simultaneous Sessions

This option helps you to limit simultaneous sessions for the same username.


Note: The number provided here is the maximum number of simultaneous, distinct, sessions allowed for any given username.
Zero (0) will allow unlimited simultaneous sessions.


Note: You also have the ability to review user sessions.

For further reading on User Sessions, read the blog article here.