From 9ea46b9e17c82ae276d13d32647bf4c8d0c10ac3 Mon Sep 17 00:00:00 2001
From: Bill Thornton <billt2006@gmail.com>
Date: Mon, 11 Sep 2023 10:49:01 -0400
Subject: [PATCH] Remove existing sessions for a user on the same device on
 login

---
 .../Session/SessionManager.cs                  | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index bbc096a876..b4a622ccf4 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -1509,14 +1509,20 @@ namespace Emby.Server.Implementations.Session
                 new DeviceQuery
                 {
                     DeviceId = deviceId,
-                    UserId = user.Id,
-                    Limit = 1
-                }).ConfigureAwait(false)).Items.FirstOrDefault();
+                    UserId = user.Id
+                }).ConfigureAwait(false)).Items;
 
-            if (existing is not null)
+            foreach (var auth in existing)
             {
-                _logger.LogInformation("Reusing existing access token: {Token}", existing.AccessToken);
-                return existing.AccessToken;
+                try
+                {
+                    // Logout any existing sessions for the user on this device
+                    await Logout(auth).ConfigureAwait(false);
+                }
+                catch (Exception ex)
+                {
+                    _logger.LogError(ex, "Error while logging out existing session.");
+                }
             }
 
             _logger.LogInformation("Creating new access token for user {0}", user.Id);