Announcement Announcement Module
Collapse
No announcement yet.
Session management not working in new tab Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Session management not working in new tab

    Recently i tried sample login application using spring security 3.
    In that i am using concurrency control max sessions 1. But its working in different browsers.
    if i tried in same browser or new tab its allowing more than 1 session per user.
    My configurations
    -------------------------------------------------------------
    security.xml
    ------------
    <session-management session-fixation-protection="migrateSession" invalid-session-url="/index.jsp">
    <concurrency-control max-sessions="1"
    error-if-maximum-exceeded="true" />
    </session-management>
    web.xml
    --------
    <session-config>
    <session-timeout>30</session-timeout>
    </session-config>

    is there any configuration mismatch.

  • #2
    Browsers reuse the same session when using a tab. You can inspect the HTTP request and see that the same JSESSIONID is being submitted on each request.

    Comment


    • #3
      Hi,

      I am using spring security in my application. Its working fine, But i have one problem. In this application implemented concurrent session 1. after i logged into application, opened new tab and login with same user. It is redirecting to success page.Here concurrent session not working. if i open in another browser without logout from previous session then spring security not allowed me to login. Concurrent session is working in different browser fine. But in same browser its not working.
      Please suggest any configuration to add.
      Security Config file:
      <security:http pattern="/login.jsp*" security="none" />
      <security:http use-expressions="true" auto-config="true" create-session="always">
      <security:intercept-url pattern="/**" access="isAuthenticated()" />
      <security:form-login default-target-url='/welcome.htm' authentication-failure-url="/login.jsp?error=true"/>
      <security:logout invalidate-session="true" logout-success-url="/login.jsp" delete-cookies="JSESSIONID"/>

      <security:session-management session-fixation-protection="none" invalid-session-url="/login.jsp" >
      <security:concurrency-control max-sessions="1"
      error-if-maximum-exceeded="true" />
      </security:session-management>
      </security:http>
      Last edited by [email protected]; Jun 24th, 2013, 03:19 AM.

      Comment

      Working...
      X