Title: Plugin creating multiple sessions Last modified: April 19, 2019 --- # Plugin creating multiple sessions * Resolved [robertabela](https://wordpress.org/support/users/robert681/) * (@robert681) * [6 years, 11 months ago](https://wordpress.org/support/topic/plugin-creating-multiple-sessions/) * Hello, * I am using a plugin to see the sessions of logged in users. I’ve noticed that this plugin is creates two sessions during a login, so for every user logged in in the WordPress database we can see two logged in sessions. * Is this by design or it is an issue? * Thank you. Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Kaspars](https://wordpress.org/support/users/kasparsd/) * (@kasparsd) * [6 years, 11 months ago](https://wordpress.org/support/topic/plugin-creating-multiple-sessions/#post-11453495) * [@robert681](https://wordpress.org/support/users/robert681/) Yes, the plugin creates the first session when you enter the username/password [which is then invalidated for the second-factor entry](https://github.com/georgestephanis/two-factor/blob/ea5c3f005da08e7619e5d839d5bbd06e3f545bcf/class.two-factor-core.php#L233-L242). We need to do that since [WordPress sends the authentication cookies before it triggers `wp_login`](https://github.com/WordPress/WordPress/blob/d4d12678470e8000ffefbff8c0d097655d5ae88c/wp-includes/user.php#L101-L110). * Thread Starter [robertabela](https://wordpress.org/support/users/robert681/) * (@robert681) * [6 years, 11 months ago](https://wordpress.org/support/topic/plugin-creating-multiple-sessions/#post-11454059) * Thanks for the detailed answer [@kasparsd](https://wordpress.org/support/users/kasparsd/) * Since the first session is invalidated for the second-factor entry, how come it is still shown as a valid session in the database? * I’m just trying to understand how to better monitor the logged in sessions with our plugin. * Plugin Contributor [George Stephanis](https://wordpress.org/support/users/georgestephanis/) * (@georgestephanis) * [6 years, 11 months ago](https://wordpress.org/support/topic/plugin-creating-multiple-sessions/#post-11455458) * I’m not sure. It can probably be voided, tbh, I think the code may predate the multiple session management in core though. * Thread Starter [robertabela](https://wordpress.org/support/users/robert681/) * (@robert681) * [6 years, 11 months ago](https://wordpress.org/support/topic/plugin-creating-multiple-sessions/#post-11461572) * Thanks for your answer [@georgestephanis](https://wordpress.org/support/users/georgestephanis/) * We can configure the plugin to delete one of the sessions, however it would be too risky. The chances of deleting a valid session especially on a busy website are too high. * Is there an option for us (we can even contribute to the code if you want) to delete the first invalidated session once the second one (with 2FA) is successfully authenticated? * If we do so the DB will be cleaner and the records of logged in sessions will be correct. * Thoughts? Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Plugin creating multiple sessions’ is closed to new replies. * ![](https://ps.w.org/two-factor/assets/icon.svg?rev=2887448) * [Two Factor](https://wordpress.org/plugins/two-factor/) * [Frequently Asked Questions](https://wordpress.org/plugins/two-factor/#faq) * [Support Threads](https://wordpress.org/support/plugin/two-factor/) * [Active Topics](https://wordpress.org/support/plugin/two-factor/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/two-factor/unresolved/) * [Reviews](https://wordpress.org/support/plugin/two-factor/reviews/) * 4 replies * 3 participants * Last reply from: [robertabela](https://wordpress.org/support/users/robert681/) * Last activity: [6 years, 11 months ago](https://wordpress.org/support/topic/plugin-creating-multiple-sessions/#post-11461572) * Status: resolved