Spring mvc 4 Concurrent Session Control

Question

I have read on this site and docs on setting concurrent session control which I did not know Spring handles so well.

Examples: Question 1 Question 2 amongst others....

However I cannot find how to do do so programatically (not application context) in Spring version 4 controller (spring 4 - annotated).

<http>
  ...
   <session-management>
     <concurrency-control max-sessions="1" />
   </session-management>
</http>

I have read about ConcurrentSessionControlAuthenticationStrategy, ConcurrentSessionControlStrategy, CompositeSessionAuthenticationStrategy but have not been able to implement. What I am trying to do is make sure a user can only log-in once and if someone else logs in with same username it give them an error page.

Appreciate any help or advice...

score 0 · Answer 1 · answered Nov 10 '15 at 09:34

0

This is what I have in my app. This gives an error to any attempt to login if there is a valid session

...security:concurrency-control max-sessions="1" error-if-maximum- exceeded="true"..

answered Nov 10 '15 at 09:34

Filippo Fratoni

379
2
7

I mentioned NOT in XML -> only programatically. – Afshin Ghazi Nov 10 '15 at 09:47

score 0 · Answer 2 · edited May 23 '17 at 12:04

0

hopefully you can do this by implementing javax.servlet.http.HttpSessionBindingListener interface and register it as a ServletContext listener through java configuration.

Refer: How to invalidate another session when an user is logged in twice?

edited May 23 '17 at 12:04

Community

1
1

answered Nov 10 '15 at 12:36

Lovababu Padala

2,415
2
20
28

Thanks for the answer but I am trying to keep out the new user not kick out the original logged-in user. – Afshin Ghazi Nov 10 '15 at 19:04
Of course that is up to you, If you find that the same user trying to login again either you can invalidate newly created session or existing one. – Lovababu Padala Nov 12 '15 at 07:20

Spring mvc 4 Concurrent Session Control

2 Answers2