How the Customer Portal Login and Sessions Work
Source: `customer_portal_sessions_controller.rb`
- Portal login uses case-insensitive username matching, so "JohnSmith" and "johnsmith" are treated as the same account
- After the maximum number of failed login attempts, the account is locked out for exactly 30 minutes; this lockout duration is not configurable
- A successful login resets the failed attempt counter and clears any lockout timer
- The portal user must be in active status to log in; login is blocked if the linked customer record is deleted or archived
- Only one active portal session is allowed per user at a time; logging in from a new location or device destroys the previous session
- Portal sessions time out after 60 minutes of inactivity
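The rules above, as an added worked example in Ruby. This is illustrative code written for this page, not the contents of `customer_portal_sessions_controller.rb`: the class and method names (`PortalAuth`, `login`, `session_valid?`), the in-memory `PortalUser` struct, the value of `MAX_FAILED_ATTEMPTS` (the page does not state the limit) and the salted-SHA256 password digest (a stand-in for a real bcrypt/argon2 store) are all assumptions. The 30-minute lockout and 60-minute idle timeout are the values the page gives.

```ruby
require 'securerandom'
require 'digest'

# Constructed example; not the portal controller's code.
MAX_FAILED_ATTEMPTS  = 5        # assumed: the page does not state the limit
LOCKOUT_DURATION     = 30 * 60  # seconds, as stated on the page
SESSION_IDLE_TIMEOUT = 60 * 60  # seconds, as stated on the page

PortalUser = Struct.new(:username, :salt, :password_digest, :status, :customer_state,
                        :failed_attempts, :locked_until, :session_token, :last_seen,
                        keyword_init: true)

# Salted digest stand-in; a real deployment would use bcrypt or argon2.
def portal_digest(salt, password)
  Digest::SHA256.hexdigest("#{salt}:#{password}")
end

def build_user(username:, password:, status: :active, customer_state: :ok)
  salt = SecureRandom.hex(8)
  PortalUser.new(username: username, salt: salt,
                 password_digest: portal_digest(salt, password),
                 status: status, customer_state: customer_state, failed_attempts: 0)
end

class PortalAuth
  def initialize(users)
    # Index by downcased username so "JohnSmith" and "johnsmith" resolve to one account.
    @users = users.each_with_object({}) { |u, h| h[u.username.downcase] = u }
  end

  def find_user(username)
    @users[username.downcase]
  end

  # Returns [:ok, session_token] or [:error, reason].
  def login(username, password, now: Time.now)
    user = find_user(username)
    return [:error, :unknown_user] unless user

    if user.locked_until
      return [:error, :locked_out] if now < user.locked_until
      # Lockout has expired: automatic unlock, counter starts fresh (design choice).
      user.locked_until = nil
      user.failed_attempts = 0
    end

    # Status and customer checks block login even when the password is correct.
    return [:error, :inactive_user] unless user.status == :active
    return [:error, :customer_unavailable] if %i[deleted archived].include?(user.customer_state)

    unless portal_digest(user.salt, password) == user.password_digest
      user.failed_attempts = (user.failed_attempts || 0) + 1
      user.locked_until = now + LOCKOUT_DURATION if user.failed_attempts >= MAX_FAILED_ATTEMPTS
      return [:error, :bad_password]
    end

    # Success: reset the counter and lockout, and replace any existing session
    # so only one session per user is ever valid.
    user.failed_attempts = 0
    user.locked_until = nil
    user.session_token = SecureRandom.hex(16)
    user.last_seen = now
    [:ok, user.session_token]
  end

  # True only for the current token, and only within the inactivity window;
  # each valid check extends the window (sliding timeout).
  def session_valid?(username, token, now: Time.now)
    user = find_user(username)
    return false unless user && user.session_token && user.session_token == token
    if now - user.last_seen > SESSION_IDLE_TIMEOUT
      user.session_token = nil
      return false
    end
    user.last_seen = now
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  auth = PortalAuth.new([build_user(username: "JohnSmith", password: "correct horse")])
  t0 = Time.now
  p auth.login("johnsmith", "wrong", now: t0)          # [:error, :bad_password]
  status, token = auth.login("JOHNSMITH", "correct horse", now: t0)
  p [status, auth.session_valid?("johnsmith", token, now: t0 + 10)]
end
```

Each support scenario maps onto one branch: `:locked_out` is the timed lockout, `:inactive_user` and `:customer_unavailable` are the blocks that ignore credentials, and a second `login` replacing `session_token` is why a user who signs in elsewhere finds the first device logged out.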
Support scenarios
- "Customer says they're locked out of the portal" → The account locks for 30 minutes after the maximum number of failed attempts. Either wait 30 minutes for the automatic unlock, or check whether the linked customer is deleted or archived, which would permanently block login.
- "Customer says they keep getting logged out" → Only one active session is allowed per portal user. If they log in from another device or browser, the previous session is destroyed. Also, sessions time out after 60 minutes of inactivity.
- "Customer can't log in but the password is correct" → Check if the portal user is active and whether the linked customer is deleted or archived. Both conditions block login regardless of correct credentials.