Clever Geek Handbook

Spring Security - failed to login after logout

I want to allow the user to create only one current session. In my case, this only allows the user to create one session, but once the user is logged out, they cannot log in again.

Security config file:

        .and()
    .csrf()
        .and()
    .exceptionHandling()
        .accessDeniedPage("/accessDenied")
        .and()
    .sessionManagement()
        .maximumSessions(1)
        .expiredUrl("/login")
        .maxSessionsPreventsLogin(true)
        .sessionRegistry(sessionRegistry()) ;
}

@Bean
public SessionRegistry sessionRegistry() {
    SessionRegistry sessionRegistry = new SessionRegistryImpl();
    return sessionRegistry;
}

Logout Controller:

@RequestMapping(value="/logout", method = RequestMethod.GET)
public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth != null) {    
        new SecurityContextLogoutHandler().logout(request, response, auth);
    }

    return "redirect:/login?logout";
}

I tried with invalid and destroying cookie as well, but it doesn't work.

+3
java spring-mvc spring-security


source to share


No one has answered this question yet

See similar questions:

1
Spring Security logout does not cancel session

or similar:

36
Using Spring Security Programmatically
13
Security configuration with Spring-boot
8
Spring Security: Custom User Data
3
Spring boot security consider case insensitive username check for login
2
Spring Security OAuth2 SSO with custom provider + logout
2
Spring Security 3.2 and maximumSessions - logout not updating SessionRegistry
1
Unable to access SpringContext after integrating atmosphere framework with Spring MVC
1
Getting Spring Boot Security for Firefox to Work Correctly
0
Spring security cannot login after invalid credentials
-1
Spring Boot Web MVC Allow one user at a time from anywhere


More articles:


All Articles
Loading...
X
Show
Funny
Dev
Pics