Announcement Announcement Module
Collapse
No announcement yet.
Concurrent session doesn't quite work with remember me Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Concurrent session doesn't quite work with remember me

    Hi All,

    I have encountered a problem with concurrent session and remember me.

    I limit the maximumSessions to be 1. And it works WELL as follows:
    1. Login from one browser (A) with remember-me enabled
    2. Login from another browser (B) using the same account, with remember-me enabled
    3. Make some secure request from browser A and I will get the session expired message and get logged out.

    But it doesn't work when:
    1. Login from one browser (A) with remember-me enabled
    2. Login from another browser (B) using the same account, with remember-me enabled
    3. Close/reopen browser A (or manually remove JSESSIONID), load the login page from browser A, and get automatically log in because remember-me cookie
    4. Make some secure request from browser B and it STILL WORKS!
    5. Make some secure request from browser A and it STILL WORKS! Now I can access the two browsers simultaneously without any problem. Concurrent session control seems not working any more!!

    Does anyone know why concurrent session control doesn't work when remember-me is used to login?

    Thanks,
    q09876
Working...
X