Spring Max Max Security Login

Question

Spring Max Max Security Login

I have a problem with my j2ee application using spring security. I am setting up max sessions in parallel session management mode 1. Now it works fine when I try to log in a second time when it stops me. But when I log out and try to log in, I still get this message.

Your login attempt was not successful, please try again. Reason: Maximum sessions 1 for this principal exceeded

I have it in my http security

<security:logout logout-url="/logout.do" invalidate-session="true" logout-success-url="/logoutSuccess.do" /> <security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />

+4

spring security

cedric Jan 4 '10 at 6:39

source share

3 answers

make sure the error page is not cached (press F5) and look in the logs to see if the failure works.

0

rodrigoap Jan 4 '10 at 15:39

source share

Make sure your Spring Security Filters run before your Struts Filter.
Set a breakpoint in Spring Security's LogoutFilter.doFilterHttp method . Make sure the part is working correctly.

0

lsiu Jan 7 '10 at 1:29

source share

ajduff574 · Accepted Answer · 2010-09-08T19:48:48+0000

It's been quite a while since you posted this, but if anyone else has this problem, I believe that this behavior will happen if you don't add org.springframework.security.web.session.HttpSessionEventPublisher as a listener to your web.xml.

Look here :

Adding a listener to web.xml causes the ApplicationEvent to be published to the Spring ApplicationContext every time an HttpSession starts or ends. This is critical because it allows SessionRegistryImpl to be notified of the end of the session. Without it, the user will never be able to log in again after exceeding their discount rate, even if they log out of another session or time runs out.

Spring Max Max Security Login

More articles: