Announcement Announcement Module
No announcement yet.
Maximum sessions of 1 for this principal exceeded Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Maximum sessions of 1 for this principal exceeded

    hello ;
    i need your help
    i'm using spring security 3.0.5
    remember-me with session control
    i note that in my controller i use an HttpSession to store data
    in my spring-security.xml i have

    <remember-me key="keys" token-validity-seconds="60"/>
    <session-management invalid-session-url="/index.htm">
    <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />

    in web.xm i have or.spring......web.session.HttpSessionEventPublish er

    but when i close the browser and open it
    i get this error :

    authentication failur: Maximum sessions of 1 for this principal exceeded

    like it try to login again with the previous cookies of remember-me
    any helpe please ?

  • #2
    any one here !!!!!!!!!!!!!!


    • #3
      Use the search...

      The fact that you close your browser doesn't destroy the serverside session you do however remove the connection between the client and server (the cookie storing the sessionid is removed). This leads to the server thinking that you are connecting with a new browser.

      This is a fact and you can login again after the session timeout it has nothing to do with your remember-me cookies or whatever.

      There is however no solution for this (at least not one that is 100% watertight), you could create a javascript hack which prevents the browser from closing (you can show a popup) but that isn't a really reliable solution. (And basically website/-apps that do this are really anoying IMHO).


      • #4
        i understand