Disable multiple logins for same user in spring security + spring boot

Question

Disable multiple logins for same user in spring security + spring boot

Asked by Durga At 24 May at 10:22

I have the below spring configuration :-

static SessionRegistry SR;
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .authorizeRequests()
    .antMatchers("/", "/forgotPwd", "/resetPwd").permitAll()
    .anyRequest().authenticated().and().formLogin().loginPage("/login")
    .defaultSuccessUrl("/home").failureUrl("/login?error").permitAll()
    .successHandler(authenticationSuccessHandler) // autowired or defined below
    .and().logout()
    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
    .logoutSuccessHandler(myLogoutSuccessHandler)
    .permitAll()
    .and().sessionManagement()
    .maximumSessions(1)
    .maxSessionsPreventsLogin(true)
    .sessionRegistry(SR);
    }
    @Bean
    public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() {
    return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher());
  }

I was expecting sessionManagement().maximumSessions(1) to disable multiple login for the same user. It is working, but first user logout the application, so i am trying login in another browser but it showing This account is already using by someone.

Kindly request you to let me know where its going wrong.

Original Q&A

TechQA.

Linked Questions

Popular Questions

Disable multiple logins for same user in spring security + spring boot

Related Questions