Session authentication error 401 coming for users which are not associated with tokens even.

5.2.3

This has been fixed part of Portal 5.3. 

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-developer-portal/5-3/set-up-and-maintenance/configure-authentication-schemes.html

ENFORCE_SINGLE_SESSION_PER_USER    
Provides the ability to regulate whether you can maintain only one active session simultaneously. Toggle the flag to "true" manually to enable this setting and enforce a single session constraint.

Default value: False

Note:

Every login session from a different browser is considered as a new session. If the feature is enabled, each session is identified as a concurrent session by the Portal.