App Engine & Spring Security: Concurrent Sessions

I am implementing my GAE + GWT Application Authentication Layer with Spring Security. My question is about concurrent sessions for one user profile. At the same time, I want to deny any loglog user twice with the same account.

After some research, I found that I can do this in Spring Security using:




And in applicationContext.xml

<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />


The HttpSessionEventPublisher will receive the event when sessionDestroyed () is called on the HttpSessionListener. But as far as I know, App Engine never calls it. There is a problem about this

How do I set the session concurrency limit with Spring Security and App Engine?


source to share

1 answer

I don't think this will work, GAE is a cloud-based solution and it populates various http sessions through the multi-virtual JVM, storing the sessions in the datastore and then propagating them across other instances, it works great in your development environment, but you drop down to live server, so I can't resolve one solution for session over GAE with spring security.



All Articles