Home/ Questions/Q 7401651
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T04:31:47+00:00

I am using Spring Security 3.1 and am using <concurrency-control max-sessions=1 error-if-maximum-exceeded=true /> I

  • 0

I am using Spring Security 3.1 and am using 

 <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
  • I open a browser and log in (Ex. IE9)
  • I close that browser
  • I open a different browser (Ex. Firefox)
  • I cannot log in because I am still logged in on the other browser

Is there a way to force the session to close when the browser closes? I need to keep the max-sessions to 1 for concurrency control.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would add a custom filter of my own just before the “CONCURRENT_SESSION_FILTER” and check in the request URI for a string like “force-logout.do” (or something similar).

    Then, in the HTML generated I would have a JavaScript event handler like the following:

    <script type="text/javascript">
function force_logout() {
  // AJAX request to server notifying that the browser has been closed.
}
</script>

<body onbeforeunload="force_logout();">
</body>

    That would work for IE and Firefox (you should check other browsers as well). Your filter just needs to check the URI and perform a session.invalidate() in case it matches the “force logout URI” and return immediately or just bypass the request to the filter chain otherwise.

    NOTE: I’m not adding the AJAX code since I don’t know if you are using a specific AJAX framework. With prototype.js it would be fairly simple.

    • 0