I’ve been doing some security research for lack of a better term in our database re: specific users and how they access the site.
In the wp_usermeta table in the WordPress database, I recently noticed a user with multiple session_tokens rows. All other users have one session_tokens row in the wp_usermeta table except for this user. The information in each of the session_tokens rows for this user is exactly the same. I recently forced a log out (through the dashboard) for this user for various reasons, and today I noticed this. Is this normal?
To me it seems odd there would be multiple rows for the session_tokens value for a user, but maybe it’s just related to the force logout method? I had not done this before.