raolyn13

If the problem is the students leaving the machine while logged in, would implementing tighter session timeout work? Like 15 minutes, or so? I came across this discussion because I'm testing a new site for Microsoft Certified Professionals, and the site also allows simultaneous log in from different machines using the same credentials. We can't quite agree on whether/why this is an issue, and I'm wondering if the problem extends beyond someone leaving a machine unlocked while logged in, if there is any other reason why we would want to restrict this. We cetainly don't want to restrict which machines they use to log in, centralization is a part of the benefit of the site. But what other security risks does this pose? Not leaving a machine unlocked while logged in, but just the act of being able to log in on a different machine while already logged in? Thanks!