Home/ Questions/Q 1071263
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T20:41:30+00:00

I have a problem with my j2ee application using spring security. I set max-sessions

  • 0

I have a problem with my j2ee application using spring security. I set max-sessions in concurrent-session-control to 1. Now it works fine when I try to Login the second time it will stop me. But when I logout the other one and try to login again I still get this same message.

Your login attempt was not successful, try again.
Reason: Maximum sessions of 1 for this principal exceeded

I have this in my http security

 <security:logout logout-url="/logout.do"
  invalidate-session="true" logout-success-url="/logoutSuccess.do" />
 <security:concurrent-session-control
  max-sessions="1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s been quite a while since you posted this, but if anyone else is having this problem I believe this behavior will occur if you don’t add org.springframework.security.web.session.HttpSessionEventPublisher as a listener in your web.xml.

    See here:

    Adding the listener to web.xml causes an ApplicationEvent to be published to the Spring ApplicationContext every time a HttpSession commences or terminates. This is critical, as it allows the SessionRegistryImpl to be notified when a session ends. Without it, a user will never be able to log back in again once they have exceeded their session allowance, even if they log out of another session or it times out.

    • 0