App Engine & Spring Security: Concurrent Sessions
I am implementing my GAE + GWT Application Authentication Layer with Spring Security. My question is about concurrent sessions for one user profile. At the same time, I want to deny any loglog user twice with the same account.
After some research, I found that I can do this in Spring Security using:
web.xml
<listener>
<listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
</listener>
And in applicationContext.xml
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
The HttpSessionEventPublisher will receive the event when sessionDestroyed () is called on the HttpSessionListener. But as far as I know, App Engine never calls it. There is a problem about this
How do I set the session concurrency limit with Spring Security and App Engine?
source to share
I don't think this will work, GAE is a cloud-based solution and it populates various http sessions through the multi-virtual JVM, storing the sessions in the datastore and then propagating them across other instances, it works great in your development environment, but you drop down to live server, so I can't resolve one solution for session over GAE with spring security.
source to share