Just a small clarification, we restricting the concurrent users by a role. In other words, we are counting the concurrent users in the Backend role. These are only users that can have permission to access the administration.
Wait, so you mean if a user with the Backend Role is logged in anywhere on the site (not even IN the backend?)
If the above is the case, I'm floored...how could you ever use it for a private login required site and still build modules against it?
We have updated the RC thread, but I am posting this here as well:
Any user belonging to the Backend Users role or to the Administrators role who authenticates within a Sitefinity 4.0 website is counted towards the concurrent user limitation. It doesn’t matter whether this backend or admin user authenticates by logging into the public facing website, backend administration area, or a third-party application using our RESTful Web Service APIs. That user is removed from the concurrent users count when he personally logs off, he is forcefully logged off by an administrator, or his session expires. The session expiration time can be controlled from the configuration settings of Sitefinity.
It becomes a massive issue when you want to make a site in which people want to be logged in so they can have personal preferences. Like take telerik.com for example.