问题
I'm using spring security 3.1.4 and i would like to limit the number of session per user to 1 but if someone tries to log in it will close the old session and open a new one (instead of not allowing to log in) how can i do this?
EDIT: this is what i added to the xmls: web.xml
<listener>
<listener-class>
com.net.filter.session.SessionListener
</listener-class>
</listener>
SessionListener extends HttpSessionEventPublisher
security.xml
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
<security:session-management>
<security:concurrency-control
max-sessions="1"/>
</security:session-management>
<security:form-login
authentication-success-handler-ref="playerAuthenticationSuccessHandler" />
<security:logout logout-url="/player/logout"
success-handler-ref="playerLogoutSuccessHandler" delete-cookies="JSESSIONID" />
</security:http>
<bean id="bCryptPasswordEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<security:authentication-manager>
<security:authentication-provider
ref="authenticationProvider">
</security:authentication-provider>
</security:authentication-manager>
were playerAuthenticationSuccessHandler, authenticationProvider and playerLogoutSuccessHandler extends the spring defaults.
来源:https://stackoverflow.com/questions/20953904/spring-security-max-session-allowed