This is yet another interesting encounter at work some time back: which user to throw out! Let me explain.

Let us say that a web app allows a user to be logged in only once at any given time. Now if the same userID tries to log in again, should this attempt fail and the already logged-in user be retained, OR should the already logged-in user be thrown out so that the last one wins?

Common sense suggests that subsequent login attempts with a userID that is already logged in should fail. This assumes that the first login is genuine and subsequent attempts are deliberate.

Another reason why subsequent attempts should fail: suppose it were not that way. Then the first login succeeds -> the second attempt succeeds, throwing out the first one -> the third attempt succeeds, throwing out the second one -> … But why would a user play with himself like this? Anyway, it is then better that subsequent login attempts fail.

Time to make some more of the context clear. The web app is used by school-going kids. Their usage pattern is that they log in at school and do some work online, then come home and continue some of it online (from home). Since school kids need to work out problems, the idle timeout of the web app is set to a rather high value (2–3 hrs).

Given the above context, the last-one-wins approach is more appropriate. This is because kids forget to log out at school and do not even close the browser, so when they are back home they are unable to log in until the idle timeout of the session created at school expires.
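The two policies side by side, as an added sketch that is not code from the original post or from the web app it describes: an in-memory registry that keeps one session per userID. The class, the function names and the `kid42` user are hypothetical, and the idle timeout is assumed to be 3 hours, the upper end of the range mentioned above.

```python
import secrets

IDLE_TIMEOUT = 3 * 60 * 60  # seconds; assumed upper end of the post's 2-3 hrs

class SessionRegistry:
    """One live session per user ID; the policy decides who is thrown out."""

    def __init__(self, policy, idle_timeout=IDLE_TIMEOUT):
        if policy not in ("first-wins", "last-wins"):
            raise ValueError(policy)
        self.policy = policy
        self.idle_timeout = idle_timeout
        self.by_user = {}   # user_id -> (token, last_seen)
        self.evicted = []   # audit trail of (user_id, old_token, when)

    def _live(self, user_id, now):
        entry = self.by_user.get(user_id)
        if entry and now - entry[1] >= self.idle_timeout:
            del self.by_user[user_id]   # idle session has expired
            entry = None
        return entry

    def login(self, user_id, now):
        """Return a new session token, or None if the login is refused."""
        entry = self._live(user_id, now)
        if entry:
            if self.policy == "first-wins":
                return None             # existing session is retained
            self.evicted.append((user_id, entry[0], now))  # last one wins
        token = secrets.token_urlsafe(32)
        self.by_user[user_id] = (token, now)
        return token

    def touch(self, user_id, token, now):
        """Validate a request's token; refresh the idle timer if still valid."""
        entry = self._live(user_id, now)
        if not entry or not secrets.compare_digest(entry[0], token):
            return False                # expired, or replaced by a newer login
        self.by_user[user_id] = (token, now)
        return True

def school_then_home(policy):
    """Constructed scenario: login at school (t=0), no logout, login from home 1 h later."""
    reg = SessionRegistry(policy)
    school = reg.login("kid42", now=0)
    home = reg.login("kid42", now=3600)
    school_still_valid = reg.touch("kid42", school, now=3700)
    return home is not None, school_still_valid, len(reg.evicted)
```

Under last-wins the old token stops validating on its next request, and the `evicted` list gives an audit record of each takeover, which is where an unexpected second login would show up.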

Quite a nice experience where a slight twist in the context made a seemingly inappropriate solution a preferred one.