The default behavior of concurrency control is to expire the original session. However, I would like to block the second user which is logging in with the same credentials with
The solution is in the documentation:
Often you would prefer to prevent a second login, in which case you can use
... The second login will then be rejected. By “rejected”, we mean that the user will be sent to the authentication-failure-url if form-based login is being used. If the second authentication takes place through another non-interactive mechanism, such as “remember-me”, an “unauthorized” (402) error will be sent to the client. If instead you want to use an error page, you can add the attribute session-authentication-error-url to the session-management element.
So basically set error-if-maximum-exceeded to "true" and remove expired-url attribute from
.
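The change the answer describes, written out as an added example (not part of the original post or of the quoted documentation). The URLs are placeholders, and the concurrency-control element and the HttpSessionEventPublisher listener are the standard Spring Security XML namespace and servlet listener, assumed here because the post's own snippets did not survive.

```xml
<!-- Spring Security context (fragment). URLs below are placeholders. -->

<!-- Before: default behaviour. The second login succeeds and the first
     session is expired, then redirected to expired-url.

<session-management>
    <concurrency-control max-sessions="1" expired-url="/session-expired"/>
</session-management>
-->

<!-- After: the second login is rejected and the first session is kept. -->
<http>
    <!-- A rejected form login is sent to authentication-failure-url. -->
    <form-login login-page="/login"
                authentication-failure-url="/login?error"/>

    <!-- Optional: session-authentication-error-url sends rejected logins
         to a dedicated error page instead. -->
    <session-management session-authentication-error-url="/session-limit">
        <!-- error-if-maximum-exceeded="true" blocks the new login;
             expired-url is removed because no session is expired any more. -->
        <concurrency-control max-sessions="1"
                             error-if-maximum-exceeded="true"/>
    </session-management>
</http>

<!-- web.xml (fragment). Without this listener the session registry is not
     told when a session ends, so a user who closes the browser without
     logging out would stay counted as logged in and every later login
     would be rejected. -->
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
```

With this setting a user who abandons a session without logging out cannot log in again until that session times out, so the session timeout becomes the length of the lockout.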