How to limit only one session per user and block the subsequent login attempt?

前端 未结 1 2107
孤城傲影
孤城傲影 2021-02-10 23:14

The default behavior of concurrency control is to expire the original session. However, I would like to block the second user which is logging in with the same credentials with

1条回答
  •  臣服心动
    2021-02-10 23:53

    The solution is in the documentation:

    Often you would prefer to prevent a second login, in which case you can use

    
      ...
      
          
      
    
    

    The second login will then be rejected. By “rejected”, we mean that the user will be sent to the authentication-failure-url if form-based login is being used. If the second authentication takes place through another non-interactive mechanism, such as “remember-me”, an “unauthorized” (402) error will be sent to the client. If instead you want to use an error page, you can add the attribute session-authentication-error-url to the session-management element.

    So basically set error-if-maximum-exceeded to "true" and remove expired-url attribute from .

    0 讨论(0)
提交回复
热议问题