Feb 22nd, 2011, 05:59 PM
Spring login error when trying to enforce 1 session only
I am quite new to Spring Security (despite my username!) but am trying to understand what the problem is with our login.
We are using Spring security 2.5 and have a Flex Application that talks to the mySQL database via Java and Toplink. Our basic login page authenticates to a main page. We want to enforce only 1 session per user and we enforce that with this line in the applicationSecurity.xml.
Everything is working fine for the most part - we have a 1 scenario where we are unable to login successfully and get a nasty null error.
Since we want to enforce only 1 session - if I am logged in in 1 browser and then open a new browser and try to go to the main page, it should terminate the 1st session and create a new session. Accessing the main page in the new browser should boot us back to the login page. This is happening - however, when I try to log in from the new browser login page, I always get a null error. It seems like perhaps the old sessionId is not being released or something. I am having trouble figuring out what exactly is happening.
Here is the debug output from the log when we try to go straight to the main page from a new browser right where we get booted back to the login page - Notice the the reference to SessionId: 3DD2A69652966B47EF55797516040C05
(post continues )