Announcement Announcement Module
Collapse
No announcement yet.
Session Concurrency not working with URL based session tracking Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Session Concurrency not working with URL based session tracking

    Hi,

    I am using URL bases session tracking by disabling cookies in context.xml.

    Now in implementation of Session concurrency I am facing problem. It throws me on login page when my application tries to go on next page after successful login. Let me be clear that it authenticates successfully.

    In debugging I got to know that the request of page that fires after successful authentication has session null in its request. And so it throws me to login page due to no authenticated session.

    I followed steps given in Spring Security doc and updated in my applicationContext-security.xml for,

    Code:
    <http auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint"  access-denied-page="/403.jsp">
            <logout logout-success-url="/index.jsp"/>
            <custom-filter ref="concurrentSessionFilter" position="CONCURRENT_SESSION_FILTER" />
            <custom-filter ref="authenticationProcessingFilter" position="FORM_LOGIN_FILTER"/>
            <session-management session-authentication-strategy-ref="cscs" />
    </http>
    
    <beans:bean id="concurrentSessionFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
            <beans:property name="sessionRegistry" ref="sessionRegistry" />
            <beans:property name="expiredUrl" value="/sessionError.jsp" />
    </beans:bean>
    
    <beans:bean id="cscs" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
            <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
            <beans:property name="maximumSessions" value="1" />
    </beans:bean>
    
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
    
    <beans:bean id="authenticationProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
            <beans:property name="sessionAuthenticationStrategy" ref="cscs" />
            <beans:property name="authenticationManager" ref="authenticationManager"/>
            <beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
            <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
    </beans:bean>
    
    <beans:bean id="authenticationProcessingFilterEntryPoint"
                    class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
            <beans:property name="loginFormUrl" value="/index.jsp"></beans:property>
    </beans:bean>
    I have also put listener in web.xml that fires session creation and destroy event,
    Code:
        <listener>
            <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
        </listener>
    I am debugging more and if any one need more detail about this, I am open to discuss.

    I need to solve this. (Session Concurrency with URL session tracking)
    So any help or discussion will be pleased...
Working...
X