Some customer may find concurrent login for a single user is flagged as a vulnerability. A suggestion is to provide an option to restrict this.
More information needed: Why is this considered a vulnerability in practice? This suggestion needs more concrete rationale before we would consider it.
Workaround: Lowering the default session timeout can mitigate the perceived risk