I have web application, in which I have used Spring framework. For the concurrent session control I have use spring feature where only 1 logged in session will be maintained for 1 user as soon as that user logs in to another session , he/her previous session will be expired.
Now in this case I am getting this message "This session has been expired (possibly due to multiple concurrent logins being attempted as the same user)."
But I get this message on complete white page on browser. I want this message to come on my login screen only.
Here is the part of my spring security xml where I have handled concurrent session for user.
<security:session-management invalid-session-url="/login.jsp?error=sessionExpired" session-authentication-error-url="/login.jsp?error=alreadyLogin">
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
</security:session-management>
Any links specially for customizing this message and redirecting this message on desired web application page will be appreciated.
Thanks in advance.
Concurrent Session Control When a user that is already authenticated tries to authenticate again, the application can deal with that event in one of a few ways. It can either invalidate the active session of the user and authenticate the user again with a new session, or allow both sessions to exist concurrently.
In order to implement this functionality, you can use the <concurrency-control> tag.
Spring Security Session Timeout In the case of Tomcat we can set the session timeout by configuring the maxInactiveInterval attribute on the manager element in server. xml or using the session-timeout element in web. xml. Note that the first option will affect every app that's deployed to the Tomcat instance.
Original XML entry in spring-security.xml
<security:session-management session-authentication-error-url="/login.jsp?error=alreadyLogin">
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
</security:session-management>
Just You have to added following parameter in xml to redirect the Login expired action or invalid session url
expired-url="url value"
invalid-session-url="url value"
Modified XML entry
<security:session-management invalid-session-url="/login.jsp?error=sessionExpired" session-authentication-error-url="/login.jsp?error=alreadyLogin">
<security:concurrency-control max-sessions="1" expired-url="/login.jsp?error=sessionExpiredDuplicateLogin" error-if-maximum-exceeded="false" />
</security:session-management>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With