May 19th, 2009, 02:12 AM
ERROR: Maximum sessions of 1 for this principal exceeded
right now, I set exception-if-maximum-exceeded is true, it works fine when the two same user try to login at same time. But when I login in at IE successful, and close browser, I will get same error:ERROR: Maximum sessions of 1 for this principal exceeded when I try to open one new browser and login again. Until this session timeout or restart app server.
Is it possible clear up this session at server side after I close browser?
Anyone can advise on it.
May 20th, 2009, 09:52 PM
I had the same problem
May 21st, 2009, 10:28 PM
Actually I have added listener in the web.xml
But my issue is different with that. My question is how spring security to detect the session is invalid if the client side close the browser. Since my set is not allow two concurrent session at the same time, but if spring security does not clear the session when client close the browser, the second request cannot be allowed to login. I don't think it is correct behavor. So guess there have some settings need to be config. Any advise on it or it does not be support from spring security at all?
May 21st, 2009, 11:24 PM
Your server would need to know that the browser has closed.
You would need to do one of the following:
1) Add a logoff link (The docs cover this)
3) Add a serverside timeout to the session (the docs cover this). If the length is too long the user will need to wait for that time before they can get in again, if it is too short they will time out frequently during normal use of the site.
May 22nd, 2009, 01:23 AM
May 24th, 2009, 03:27 PM
May 24th, 2009, 10:12 PM
It's ok. many thanks