Comments (7)
If this is by design since gmail oauth2 uses an external authorization server, request you to update the spring security doc or point me to the material where it says that maximumSessions(1) cannot be supported in such cases. The authentication object in the spring security context does contain the login id which is the email id in case of gmail authentication. So I would think it is still possible to detect if the user logs in with the same gmail id on different browsers/different devices, but I could be missing something here.
from spring-session.
Hi, @seaswaraiyer. Have you configured the integration between Spring Security and Spring Session?
from spring-session.
from spring-session.
If you are using Spring Session you need to expose the SpringSessionBackedSessionRegistry
as described in the docs I linked. It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.
from spring-session.
from spring-session.
The two projects in that link don't use the SpringSessionBackedSessionRegistry but the maxSessions feature still works in those projects
That is because they are using in-memory session storage, there is no Spring Session involved. If you are saving user's authentication to the session, and you are using Spring Session, you must define a SpringSessionBackedSessionRegistry
bean in order for it to work. Please, refer to https://docs.spring.io/spring-session/reference/spring-security.html#spring-security-concurrent-sessions
from spring-session.
Thanks for the explanation, Marcus. I would still say that the documentation is not clear and needs to be updated, but I'm not going to debate on this. You keep pointing me to the spring session link(https://docs.spring.io/spring-session/..) and that has a section that talks about the integration between spring session and spring security. I was using the link for spring security(https://docs.spring.io/spring-security/...) that has a section for configuring concurrent session control and that does not have any section for the integration with spring session. Nowhere does it say oauth requires spring-session in that link. Since you are actively working on the spring session project, it may all be very obvious to you. In any case, thanks for your help this. I really appreciate it.
from spring-session.
Related Issues (20)
- Possibility to apply the `SessionRepositoryFilter` conditionally. HOT 2
- Update to Spring Security 6.3.0-RC1
- Support for NATS JetStream Key/Value store as an alternative for Redis HOT 2
- Spring Session JDBC JSON format storing is not working HOT 9
- Migrate to com.gradle.develocity plugin
- Migrate to com.gradle.develocity plugin
- Migrate to com.gradle.develocity plugin
- Update reference site link HOT 1
- Update to Spring Security 6.3.0
- Spring Session Redis Index Key not deleted when session expired HOT 1
- Does spring-session support spring-authorization-server? HOT 1
- Migration of active sessions from one datasource to another HOT 3
- Spring Session returning default Spring Security User object instead of custom UserDetails object HOT 3
- Does Jedis support GCP Redis Memstore Cluster (Discovery Endpoint) HOT 1
- Spring Session returning default Spring Security User object instead of custom UserDetails object
- Spring Session returning default Spring Security User object instead of custom UserDetails object
- Spring Session Hazelcast should send value objects in serialized form to Hazelcast cluster
- Spring-Session does not allow the use of read replicas
- Upgrade to Spring Framework 6.2.0-M4
- EnableRedissonHttpSession Deprecated HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-session.