diff --git a/src/lib/routes/auth/simple-password-provider.ts b/src/lib/routes/auth/simple-password-provider.ts
index a3a45b00ebad..bfd8d8b7e76d 100644
--- a/src/lib/routes/auth/simple-password-provider.ts
+++ b/src/lib/routes/auth/simple-password-provider.ts
@@ -60,8 +60,12 @@ export class SimplePasswordProvider extends Controller {
         res: Response,
     ): Promise {
         const { username, password } = req.body;
+        const userAgent = req.get('user-agent');
 
-        const user = await this.userService.loginUser(username, password);
+        const user = await this.userService.loginUser(username, password, {
+            userAgent,
+            ip: req.ip,
+        });
         req.session.user = user;
         this.openApiService.respondWithValidation(
             200,
diff --git a/src/lib/services/user-service.ts b/src/lib/services/user-service.ts
index 518cd48c5142..1b2539f58d99 100644
--- a/src/lib/services/user-service.ts
+++ b/src/lib/services/user-service.ts
@@ -393,7 +393,11 @@ class UserService {
         );
     }
 
-    async loginUser(usernameOrEmail: string, password: string): Promise {
+    async loginUser(
+        usernameOrEmail: string,
+        password: string,
+        device?: { userAgent: string; ip: string },
+    ): Promise {
         const settings = await this.settingService.get(
             simpleAuthSettingsKey,
         );
@@ -417,12 +421,22 @@ class UserService {
         const match = await bcrypt.compare(password, passwordHash);
         if (match) {
             const loginOrder = await this.store.successfullyLogin(user);
+
+            const sessions = await this.sessionService.getSessionsForUser(
+                user.id,
+            );
+            if (sessions.length >= 5 && device) {
+                this.logger.info(
+                    `Excessive login (user id: ${user.id}, user agent: ${device.userAgent}, IP: ${device.ip})`,
+                );
+            }
+
             const deleteStaleUserSessions = this.flagResolver.getVariant(
                 'deleteStaleUserSessions',
             );
             if (deleteStaleUserSessions.feature_enabled) {
                 const allowedSessions = Number(
-                    deleteStaleUserSessions.payload?.value || 30,
+                    deleteStaleUserSessions.payload?.value || 5,
                 );
                 // subtract current user session that will be created
                 const deletedSessionsCount =
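Review bot: `req.ip` on the new `ip: req.ip` line is only the client's address when Express's `trust proxy` setting is configured; behind a load balancer or reverse proxy it is otherwise the proxy's own address, so the "Excessive login" log this value feeds would attribute every login to the same IP. Whether this app sets `trust proxy` is not visible here, so it is worth confirming and recording at the call site, e.g. `ip: req.ip, // client address only if 'trust proxy' is configured`. Separately, `req.get('user-agent')` is typed `string | undefined` in Express's typings, so the object literal handed to `loginUser` does not satisfy the declared `{ userAgent: string; ip: string }` parameter under `strictNullChecks`, and a client that omits the header would log `user agent: undefined`; either widen the parameter type or default here with `const userAgent = req.get('user-agent') ?? 'unknown';`. The enclosing `login` handler starts before this hunk and its body continues past it.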
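Review bot: The threshold in `if (sessions.length >= 5 && device)` is a second, hard-coded copy of the session limit that the `deleteStaleUserSessions` variant payload configures a few lines below (whose default this hunk also changes to 5), so an operator who raises the payload value will still see "Excessive login" logged at five sessions; hoist it to one named constant such as `const EXCESSIVE_SESSION_THRESHOLD = 5;` at module scope, or derive it from the variant. The `getSessionsForUser` query is awaited before `device` is tested, so it runs on every successful login even for callers that pass no device and can never trigger the log; testing `device` first avoids the round trip. The log line also interpolates the raw User-Agent header, which is attacker-controlled and unbounded and may contain newlines or control characters that forge additional log entries, so it should be encoded and length-bounded before it reaches the logger. Note that `sessions` is counted before this login's session exists (the comment below says the current session "will be created"), which is fine but worth a comment. The enclosing `loginUser` body continues past this hunk.
```typescript
            const loginOrder = await this.store.successfullyLogin(user);

            if (device) {
                const sessions = await this.sessionService.getSessionsForUser(
                    user.id,
                );
                // Existing sessions only; the session for this login is created by the caller.
                if (sessions.length >= EXCESSIVE_SESSION_THRESHOLD) {
                    // User-Agent is attacker-controlled: encode and bound it so it cannot forge log lines.
                    this.logger.info(
                        `Excessive login (user id: ${user.id}, user agent: ${JSON.stringify(
                            device.userAgent.slice(0, 256),
                        )}, IP: ${device.ip})`,
                    );
                }
            }
            // … unchanged: deleteStaleUserSessions variant handling …
```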
@@ -433,6 +447,7 @@ class UserService {
                 user.deletedSessions = deletedSessionsCount;
                 user.activeSessions = allowedSessions;
             }
+            this.eventBus.emit(USER_LOGIN, { loginOrder });
             return user;
         }