How to redirect Spring security concurrent session control 'message' on login screen?
Original XML entry in spring-security.xml
<security:session-management session-authentication-error-url="/login.jsp?error=alreadyLogin">
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
</security:session-management>
Just You have to added following parameter in xml to redirect the Login expired action or invalid session url
expired-url="url value"
invalid-session-url="url value"
Modified XML entry
<security:session-management invalid-session-url="/login.jsp?error=sessionExpired" session-authentication-error-url="/login.jsp?error=alreadyLogin">
<security:concurrency-control max-sessions="1" expired-url="/login.jsp?error=sessionExpiredDuplicateLogin" error-if-maximum-exceeded="false" />
</security:session-management>
Dhruv
A Tech Geek & Internet nerd, loves to roam around the planet and become a universal citizen
Updated on June 14, 2022Comments
-
Dhruv almost 2 years
I have web application, in which I have used Spring framework. For the concurrent session control I have use spring feature where only 1 logged in session will be maintained for 1 user as soon as that user logs in to another session , he/her previous session will be expired.
Now in this case I am getting this message "This session has been expired (possibly due to multiple concurrent logins being attempted as the same user)."
But I get this message on complete white page on browser. I want this message to come on my login screen only.
Here is the part of my spring security xml where I have handled concurrent session for user.
<security:session-management invalid-session-url="/login.jsp?error=sessionExpired" session-authentication-error-url="/login.jsp?error=alreadyLogin"> <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" /> </security:session-management>Any links specially for customizing this message and redirecting this message on desired web application page will be appreciated.
Thanks in advance.