Spring security concurrent-session and HttpSessionListener problem

I have implemented HttpSessionListener and it works fine except for the case when a logged in user concurrently logs in a second time. Spring terminates the first session correctly, but the destroySession event is never fired, at least my listener never gets it.

My spring-security is as follows:
<session-management session-fixation-protection="migrateSession" > <concurrency-control max-sessions="1" expired-url="/login_sessionexpired" /> </session-management>
The above logs the user out of the first session, if they concurrently log in a second time, however, the HttpSessionListener.sessionDestroyed is never called.

The HttpSessionListener.sessionDestroyed is called normally for manual logout and session time out.

I have a 'delegating proxy' for the listener in web.xml:
<listener> <listener-class>com.test.security.DelegatingHttpSessionEventListenerProxy</listener-class> </listener>

This listener delegates to a spring-bean defined in the my-servlet.xml as:
<bean id="httpSessionEventListener" class="com.test.security.SimpleHttpSessionEventListenerImpl" />

The delegating listener is coded as:
public class DelegatingHttpSessionEventListenerProxy implements HttpSessionListener { /** * Delegates sessionCreated Event to the Spring-bean */ @Override public void sessionCreated(HttpSessionEvent se) { ApplicationContext context = WebApplicationContextUtils .getWebApplicationContext(se.getSession().getServletContext()); HttpSessionListener target = context.getBean( "httpSessionEventListener", HttpSessionListener.class); target.sessionCreated(se); } /** * Delegates sessionDestroyed Event to the Spring-bean */ @Override public void sessionDestroyed(HttpSessionEvent se) { ApplicationContext context = WebApplicationContextUtils .getWebApplicationContext(se.getSession().getServletContext()); HttpSessionListener target = context.getBean( "httpSessionEventListener", HttpSessionListener.class); target.sessionDestroyed(se); } }

I'm using spring-security-3.0.5, can somebody please tell me what am I missing?

Thank you.