I was asked to address "Simultaneous Session Logons" problem in AEM (https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Simultaneous_Session_Logons). I'm looking for a ready solution in OAK for preventing a user account being logged multiple times at once.
I found, that user token are created under "/home/users/c/[user_hash]/.tokens" path, so I was thinking about making a listener that would remove old token if new is created, but I cannot believe that OAK isn't allowing to set up this in some simple way.
I've checked Oak's website but couldn't find anything on that topic. Also searching on google is not helping.
If you have any idea if this can be done in another way than with the mentioned listener, then please share it with me. If you think, that this shouldn't be done, because of some Oak's mechanisms that I might be not aware of, then please warn me.