Can multiple user share the same session ID?

Knowledge Solutions
1

Problem statement

Can multiple user share the same session ID? Or, is it possible to have multiple users in one session (not concurrently)?

Solution

Short answer is yes. The session_id is not bundled to the user. After an active session is established, if another user login in the context of the session (e.g. sending the session to Auth0), the session will be updated to the new user. This can be achieved by the following methods:

  1. If Seamless SSO is enabled, you can pass the prompt=login to the /authorize reqeust. This will enforce the login page to be displayed, and the user could login via a different account.

  2. If Seamless SSO is disabled, the login page is always displayed, no matter if there is an active session or not. So the user can login via a different account.

1 Like