Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

strange behaviour spring security session concurrency

i find that spring security, session concurrency is very strange.

<sec:session-management>
        <sec:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</sec:session-management>

the code means that, just only one user can log in in time.

  1. i successfully login, than hit logout button. log out is successfully (i don't get my username anymore). but when i try to relogin, i just get exception that maximum session exceeded. is session in spring security is not deleted clearly?
  2. i finish login. and i with out log out, i try to login again. i still can login. but when the second time i to relogin, i get exception that maximum session exceeded. i think it should be rejected to login when first time try to relogin.

thanks for your response Best regards

like image 345
Jeg Bagus Avatar asked Jul 11 '26 07:07

Jeg Bagus


1 Answers

Make sure you didn't forget to configure a listener in web.xml, as required for session management:

<listener>
    <listener-class>
        org.springframework.security.web.session.HttpSessionEventPublisher
    </listener-class>
</listener>
like image 91
axtavt Avatar answered Jul 15 '26 05:07

axtavt



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!