Spring security 3.1 : session concurrency control not working, why?

Question

I\'m trying to use security concurent session with spring security 3.1.4. But it\'s not working i don\'t understand why. Tomcat https is configured to redirect http request

Answer 1

You have a custom principal object (of type com.clb.genomic.lyon.model.User) which will be used as the SessionRegistry key. The most likely reason for what you're seeing is that you haven't implemented hashcode and equals for this class and thus the registry doesn't know that the two instances are for the same principal.

The best way to do this without causing any problems is to implement the methods using the username as the only data (see the default User object for an example).

You should probably also implement toString to at least output the username as it will make reading debug logs easier.