Announcement Announcement Module
Collapse
No announcement yet.
User keep logged after close browser Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • User keep logged after close browser

    I implemented concurrency control in the SpringSecurity, but when I close the system by closing Chrome and open the system by Firefox, show the message that User is already in session. And when I go back to the system by Chrome, show the message that User is already in session.

    It seems did not kill the session of the User when closing the browser.

    my security.xml:

    Code:
    <security:http auto-config="true" use-expressions="true">
    	
    		<security:intercept-url pattern="/**" access="isAuthenticated()" />
    		
    		<security:form-login login-page="/login" default-target-url="/home" 
    							 authentication-failure-url="/login?logout=true" 
    							 authentication-success-handler-ref="authenticationSuccessHandler"
    							 authentication-failure-handler-ref="authenticationFailureHandler"/>
    		
    		
    		<security:logout logout-url="/j_spring_security_logout" invalidate-session="true" success-handler-ref="logoutHandler"/>
    		
    		<security:session-management> 
    	 			<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> 
    		</security:session-management> 
    				
    	</security:http>

    I tried removing the session of the User already existing when trying to enter the same User in another session:

    Code:
    sessionRegistry.removeSessionInformation(sessionId);

    but not functioned....


    what can I do to remove the user's session when closing the browser?

    Thanks for your attention!!!

  • #2
    It seems did not kill the session of the User when closing the browser.
    Which is how the browser behaves...

    what can I do to remove the user's session when closing the browser?
    What you are basically requesting is, that you pull the power-plug from the power-socket and that your desktop PC asks you 'are you sure you want to shutdown.'...

    There are some hacks you can do with javascript (onUnload event for instance) however none of them are 100% save or bulletproof.

    I tried removing the session of the User already existing when trying to enter the same User in another session:
    Apart from the fact that this isn't going to work (different session id for same user) if it would work it basically would render your concurrent session control useless.

    Comment

    Working...
    X