At the time of IS Audit, it is observed that the application allows Multiple Login Session.One User can open Multiple Sessions using same User ID and Password.
Absence of User mananagement procedure may lead to unauthorised user activities/misuse of authorised users.
So application should not allow multiple login session.Application should give the alert "User Already Logged ON". Alternatively, Application should auto kill earlier session with the warning or option to the user to terminate the session.
SBI Service Desk Administration Team