I am having the same problem with the same entries in my web.xml and applicationContext-security.xml. I followed the security documentation. Any resolution to this?
I have debugged through HttpSecurityBeanDefinitionParser and see that that "sessionControlEnabled" is set to true, do it is reading my
It's as if the listener in my web.xml is not being triggered:
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" session-registry-ref='sessionRegistry'/>