Prevent same user logged in simultaneously

for sure, but I want to avoid having a user pretending that a transaction that he recorded in FA was done by another user. Now, having more than 10 users, it can become quite tempting to use some else credentials when one is not too sure about a transaction.

Obviously, trust is important and if someone wants to do evil he will always find a way, but if at least i could prevent it while they are logged in, it would be a great step for a better security.

I found this problem too.

It's possible for two users to log into FA with the same password.  Yes, users can have unique passwords but security is improved by not allowing simultaneous log in with the same password.
Other accounting software I know does not allow 2 logins at the same time with same password.

Logging the IP address does not hurt, but for users in a small office behind a NAT router connecting to a remote server (not at all an unlikely scenario) it does not help either. And in the case of dynamically assigned addresses, the log would need to be matched against the logs from the DHCP server. I'm not sure how many companies would even keep such a log.

As for duplicated sessions, the usual way to handle them is to destroy/invalidate the first when the second is created. That way a user can log on from home even if he left the office computer logged in. (FA does have a session timeout which allows this, as long as the value is not set too high.)

The answer is still to have one account per user. And hold the user responsible for anything done using that account.

All the points discussed are valid.  However, FA would have better security if it were not possible for multiple logins using the same password.  (I'm not a programmer and have no clue how to make the changes needed to prevent multiple log in using same password)

You keep saying FA would have better security but not really explain why or give a scenario where this feature will improve anything .

As far I understand, your problem is that multiple user use the same account, meaning they are sharing password.
Now, if you telling them to not share password is not enough, do you think your solution will stop them to share password anyway ?

What will probably happen is all of your users will have  a common pool of logins and use the first available (if they work in the same room they'll just shout and ask which logins are used or which are available, if they don't work in the same room, then should have shared the password initially).

What I mean here, is if your users wants to share accounts, because that's the way they work, what ever you do, they'll find a way to carry on sharing user.  If they don't naturally log with their account but feel need to share them, there is probably a reason :
- maybe there is not enough computer per user
- maybe they don't have enough memory to remember their password
- maybe they share computers because for example one is more convenient than other (near the printer, near the packing area etc ...) etc ...

Until you find this reason(s), you won't be able to solve the problem.
They don't share login, just because they can, but because it's better for them and suit their workflow.
Stopping them to do so, won't make change their workflow to what you want, but only annoy them and slow down their  own workflow. So you need to convince them that your workflow is better.
Believe me, I have enough experience in in-house software to know that when users don't use the system as designed for, it's really hard to make them change.  As I said, they usually have a good (or valid) reason for it, and as they know their are not using the system as it should be , they usually lie when you ask them what they do : they answer what they think you want to ear not what they are effectively doing, which makes the problem really hard to track.

Moreover as apmuth said, if the first logged session as the priority, what do you  do when you moved to another computer and didn't logout from the previous one ? (The answer is simple, you ask your workmate is login and password ;-))
Other solution : new session kills all opened session, what happen when you spent 30mn entering an order and when you press the submit button,  you get a nice error message telling you that your session got killed because someone logged using your login ( after all everybody knows everybody password in your company, what should it changes ? especially since FA implements this new killer feature giving "better security").

/Elax

Thanks elax, this is excellent explanation.

@MarkAndrew, mustafa et all
As elax clearly stated, this is not FrontAccounting application problem, but problem of security policy as it is implemnted in your company.

Janusz