[docs] Document new maxSessions config option (#151268)

docs/settings/security-settings.asciidoc

@@ -210,6 +210,12 @@ Sets the interval at which {kib} tries to remove expired and invalid sessions fr
 +
 TIP: Use a string of `<count>[ms\|s\|m\|h\|d\|w\|M\|Y]` (e.g. '20m', '24h', '7d', '1w').
 
+xpack.security.session.сoncurrentSessions.maxSessions::
+Set the maximum number of sessions each user is allowed to have active at any given time.
+By default, no limit is applied.
+If set, the value of this option should be an integer between `1` and `1000`.
+When the limit is exceeded, the oldest session is automatically invalidated.
+
 [[security-encrypted-saved-objects-settings]]
 ==== Encrypted saved objects settings
 

docs/user/security/session-management.asciidoc

@@ -49,3 +49,18 @@ You can configure the interval at which {kib} tries to remove expired and invali
 xpack.security.session.cleanupInterval: "1d"
 --------------------------------------------------------------------------------
 --
+
+[[session-max-sessions]]
+==== Maximum number of concurrent sessions
+By default, there is no limit to the maximum number of concurrent sessions each user can have in {kib}.
+To add a limit, use the `xpack.security.session.сoncurrentSessions.maxSessions` configuration option.
+If set, the value of this option should be an integer between `1` and `1000`.
+When the limit is exceeded, the oldest session is automatically invalidated.
+
+--
+[source,yaml]
+--------------------------------------------------------------------------------
+xpack.security.session.сoncurrentSessions:
+  maxSessions: 3
+--------------------------------------------------------------------------------
+--