Hello experts

I have a fairly simple spring-security context as seen below. My requirement is to have different urls for a user when they:

1) log out
2) time out
3) concurrent log in exception

Log out is fine but I cannot get the time out url (sessiontimeout.htm) to work with the max concurrency expired url (duplicatesession.htm). It seems that the invalid-session-url attribute overrides the concurrency expired-url attribute at all times.

Can anyone spot what is going wrong or provide a suggestion please?

Thanks

==================================================

<http use-expressions="true" auto-config="false">

<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<session-management session-authentication-strategy-ref="sas" invalid-session-url="/sessiontimeout.htm" />
<logout invalidate-session="true" delete-cookies="JSESSIONID" />

<intercept-url pattern="/logon.htm" access="permitAll" />
<intercept-url pattern="/logoff.htm" access="permitAll" />
<intercept-url pattern="/sessiontimeout.htm" access="permitAll" />
<intercept-url pattern="/duplicatesession.htm" access="permitAll" />
<intercept-url pattern="/css/**" access="permitAll" />
<intercept-url pattern="/js/**" access="permitAll" />
<intercept-url pattern="/images/**" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

<form-login login-page="/logon.htm"
login-processing-url="/processlogon.htm"
authentication-details-source-ref="loginPostProcessor"
always-use-default-target="true"
default-target-url="/files/summary.htm"
authentication-failure-url="/logon.htm?error=true" />
</http>

<beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.Co ncurrentSessionFilter">
<beansroperty name="sessionRegistry" ref="sessionRegistry" />
<beansroperty name="expiredUrl" value="/duplicatesession.htm" />
</beans:bean>

<beans:bean id="sas" class="org.springframework.security.web.authentica tion.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beansroperty name="maximumSessions" value="1" />
</beans:bean>

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.S essionRegistryImpl" />

==================================================