[8.7] [docs] Document new maxSessions config option (elastic#151268) (e…

…lastic#151492)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[docs] Document new maxSessions config option
(elastic#151268)](elastic#151268)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Thomas
Watson","email":"watson@elastic.co"},"sourceCommit":{"committedDate":"2023-02-16T18:00:13Z","message":"[docs]
Document new maxSessions config option
(elastic#151268)","sha":"e7ebb0cf40d51106aabdcea7a63381df63c5ca3b","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","v8.7.0","v8.8.0"],"number":151268,"url":"elastic#151268
Document new maxSessions config option
(elastic#151268)","sha":"e7ebb0cf40d51106aabdcea7a63381df63c5ca3b"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"elastic#151268
Document new maxSessions config option
(elastic#151268)","sha":"e7ebb0cf40d51106aabdcea7a63381df63c5ca3b"}}]}]
BACKPORT-->

Co-authored-by: Thomas Watson <watson@elastic.co>

docs/settings/security-settings.asciidoc

@@ -210,6 +210,12 @@ Sets the interval at which {kib} tries to remove expired and invalid sessions fr
 +
 TIP: Use a string of `<count>[ms\|s\|m\|h\|d\|w\|M\|Y]` (e.g. '20m', '24h', '7d', '1w').
 
+xpack.security.session.сoncurrentSessions.maxSessions::
+Set the maximum number of sessions each user is allowed to have active at any given time.
+By default, no limit is applied.
+If set, the value of this option should be an integer between `1` and `1000`.
+When the limit is exceeded, the oldest session is automatically invalidated.
+
 [[security-encrypted-saved-objects-settings]]
 ==== Encrypted saved objects settings
 

docs/user/security/session-management.asciidoc

@@ -49,3 +49,18 @@ You can configure the interval at which {kib} tries to remove expired and invali
 xpack.security.session.cleanupInterval: "1d"
 --------------------------------------------------------------------------------
 --
+
+[[session-max-sessions]]
+==== Maximum number of concurrent sessions
+By default, there is no limit to the maximum number of concurrent sessions each user can have in {kib}.
+To add a limit, use the `xpack.security.session.сoncurrentSessions.maxSessions` configuration option.
+If set, the value of this option should be an integer between `1` and `1000`.
+When the limit is exceeded, the oldest session is automatically invalidated.
+
+--
+[source,yaml]
+--------------------------------------------------------------------------------
+xpack.security.session.сoncurrentSessions:
+  maxSessions: 3
+--------------------------------------------------------------------------------
+--