App Engine & Spring Security: Concurrent Sessions

Question

App Engine & Spring Security: Concurrent Sessions

I am implementing my GAE + GWT Application Authentication Layer with Spring Security. My question is about concurrent sessions for one user profile. At the same time, I want to deny any loglog user twice with the same account.

After some research, I found that I can do this in Spring Security using:

web.xml

<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>     
</listener>

And in applicationContext.xml

<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>

The HttpSessionEventPublisher will receive the event when sessionDestroyed () is called on the HttpSessionListener. But as far as I know, App Engine never calls it. There is a problem about this

How do I set the session concurrency limit with Spring Security and App Engine?

+3

spring google-app-engine spring-security session

Rafael Gutierrez 21 Mar 12 at 12:07

source to share

1 answer

Prog mania · Answer 1 · 2012-07-16T11:54:47+0000

I don't think this will work, GAE is a cloud-based solution and it populates various http sessions through the multi-virtual JVM, storing the sessions in the datastore and then propagating them across other instances, it works great in your development environment, but you drop down to live server, so I can't resolve one solution for session over GAE with spring security.

App Engine & Spring Security: Concurrent Sessions

More articles: