Yes. The requester timeout for our app is 30 mins.
Our client has raised the issue of same user being able to login to Pega from multiple sessions. They have raised this as a security vulnerability and expects that when user logs in to a new session his previous session gets invalidated immediately. Is this possible to achieve.