With this option we protect Joomla user sessions. If Forbid concurrent user logins is enabled, an user can not start concurrent sessions in the site. When a user tries to log in in the site from two different locations, both sessions are closed and the user obtains a 403 error page. With Session hijack protection enable we add an extra feature to protect sessions from hijacking checking IP address and User-agent of every legitimate session started in the site. In the Groups to apply protection field we can choose to which groups apply above features (Guest groups is not listed and, by default, both features will be aplied to Super Users group).