LOOTOTL - Last One Out Turn Off The Lights

Knocknoc keeps a track of source IP addresses and tries to be kind to users that share IPs. Think: shared office IP NAT address when using an Internet-hosted Knocknoc.

This means that if two users are coming from the same IP, revoking a session for the first user will keep access for the second user in place, until they also log out.

This is the meaning of: Last One Out Turn Off The Lights - if you are last to leave from that IP, only then it is revoked.

A note on usernames and IP address uniqueness

Username information is often provided to the back-end integrated system (eg: firewall etc), meaning entries are unique to an IP address AND a username, eg: "demo-user-1.2.3.4". However depending on the back-end systems ability to handle multiple entries for a single IP address, this information is either de-duplicated on the Server and not sent to the back-end firewall (where it cannot support >1 IP address within its list), or sent as multiple entries for the single IP address but purely to add the users username, for access attribution.

Regardless of the back-ends ability to handle multiple entries, Knocknoc captures and logs entries for users on shared IP address sources.