Announcement Announcement Module
Collapse
No announcement yet.
Session Management Logout Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Session Management Logout

    Hi,
    I am using Spring Security 3.0.3.
    My web.xml file is configured correctly.
    My security application context file is a follows:

    ....
    ...
    <http>
    <x509 subject-principal-regex="(.*)" user-service-ref="userDetailService" />
    ...
    <session-management session-authentication-error-url="invalidSession.html">
    <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
    </session-management>
    </http>

    <authentication-manager alias="authManager">
    <authentication-provider user-service-ref="userDetailsService" />
    </authentication-manager>

    <logout invalidate-session="true" logout-success-url="/logout.html"
    logout-url="/j_spring_security_logout"/>

    ...

    I have backend code that catches the Create and Destroy events for the sessions.
    What I am noticing is if I logout of the system, I see the Destroy event being dispatched with the same session id and user identity, which is what I would expect. However, I am also seeing another session being created. This "new" session then seems to keep me from logging again.
    I would like to be able to logout of my app and immediately login again. It seems that this "new" session is stopping me from logging in again.
    Any suggesstions?
    Thanks
Working...
X