• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
  • Mike London

Spring security concurrent-session and HttpSessionListener problem

Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have implemented HttpSessionListener and it works fine except for the case when a logged in user concurrently logs in a second time. Spring terminates the first session correctly, but the destroySession event is never fired, at least my listener never gets it.

My spring-security is as follows:

The above logs the user out of the first session, if they concurrently log in a second time, however, the HttpSessionListener.sessionDestroyed is never called.

The HttpSessionListener.sessionDestroyed is called normally for manual logout and session time out.

I have a 'delegating proxy' for the listener in web.xml:

This listener delegates to a spring-bean defined in the my-servlet.xml as:

The delegating listener is coded as:

I'm using spring-security-3.0.5, can somebody please tell me what am I missing?

Thank you.
    Bookmark Topic Watch Topic
  • New Topic