[Spring] [Scurity] Synchronize session control. Prevent a user from logging on multiple times
Assuming you want to limit the ability of an individual user to log into your program only once, Spring security supports this by adding the following simple sections.
1. You need to add the following listeners to your Web. xml file to have spring security get the session lifetime event:
<listener>
<listener-class>
Org.springframework.security.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
2, control the single user can only log in to your program once the two control methods
2.1, the second login will make the first login invalid.
And then. In your Application_context add for example the following sections:
...
<concurrent-session-control max-sessions= "1"/>
2.2, prevent the second login times wrong, the second login will be blocked.
...
<concurrent-session-control max-sessions= "1" exception-if-maximum-exceeded= "true"/>
[Java] [Spring] [Scurity] Sync session control to prevent a user from logging in multiple times