Simultaneous Session Logon : Improper Session Management

Hi, I would like to report this bug related to improper simultaneous logon. Issue: 1) When a user is logged in to the application (already authenticated), visits the login page https://coinbase.com/signin he/she should directly get redirected to their home page as there is already a session running for the same user, but this is not happening in coinbase website. 2) If one already logged in user visits the login page and enter the credentials to login as a different user, he gets logged in (provided the credentials are correct), but the session of the older user account is still alive this might cause session hijacking. 3) As already logged in users can also visit the login page again and re-authenticate themselves, the activities page shows one more session running for the same account whereas the session identifier is same for all the sessions. I have tried showing all the three issues in the POC, please let me know if you need the POC video as i can't upload it here because of some issues. Root Cause: I guess for simultaneous session logon you guys are not using the device id parameter, hence same user can reauth himself again and again from the same device. Secondly,. the login page is not checking whether the user already have an active session or not and hence redirecting.