Thread: Limit to number of logins in x minutes?

Just curious if there is something built in to lock a user out if they login (successfully) multiple times in a short period? We have a customer service rep who gets locked out. They basically logout and login repeatedly over the period of 15 minutes. They do this because they are checking pricing or something and they want to see what an anonymous user would see. Anyway, after so many attempts they get an error saying their login is invalid. They know, and I know, it is valid and ive even tried it myself. At this point it will eventually give you a message saying the account is now locked due to too many attempts. When I login into the admin myself this user is not shown as locked out.

Nope...we don't have anything built in that would mimic that type of behavior. However, depending on how many times (s)he failed the login over a 15 or 30 minute period (i.e. over 25 minutes (s)he logs in 14 times but 4 of those times (s)he mistypes the password) the account may be locked according to the settings in your appconfigs. Under those conditions, looking at the account through the admin section would not show the account as "locked" (that's a setting used to manually lock the account as an admin...it sets the Active field in the customer record to 0) because it just sets the locked until DateTime field to a time x minutes in the future (depending on your appconfig settings). Next time it happens, I would manually take a look at the LockedUntil field in the Customer table to see if it's been updated to a time in the future.