Code Monkey home page Code Monkey logo

Comments (7)

seaswaraiyer avatar seaswaraiyer commented on June 16, 2024

If this is by design since gmail oauth2 uses an external authorization server, request you to update the spring security doc or point me to the material where it says that maximumSessions(1) cannot be supported in such cases. The authentication object in the spring security context does contain the login id which is the email id in case of gmail authentication. So I would think it is still possible to detect if the user logs in with the same gmail id on different browsers/different devices, but I could be missing something here.

from spring-session.

marcusdacoregio avatar marcusdacoregio commented on June 16, 2024

Hi, @seaswaraiyer. Have you configured the integration between Spring Security and Spring Session?

from spring-session.

seaswaraiyer avatar seaswaraiyer commented on June 16, 2024

from spring-session.

marcusdacoregio avatar marcusdacoregio commented on June 16, 2024

If you are using Spring Session you need to expose the SpringSessionBackedSessionRegistry as described in the docs I linked. It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.

from spring-session.

seaswaraiyer avatar seaswaraiyer commented on June 16, 2024

from spring-session.

marcusdacoregio avatar marcusdacoregio commented on June 16, 2024

The two projects in that link don't use the SpringSessionBackedSessionRegistry but the maxSessions feature still works in those projects

That is because they are using in-memory session storage, there is no Spring Session involved. If you are saving user's authentication to the session, and you are using Spring Session, you must define a SpringSessionBackedSessionRegistry bean in order for it to work. Please, refer to https://docs.spring.io/spring-session/reference/spring-security.html#spring-security-concurrent-sessions

from spring-session.

seaswaraiyer avatar seaswaraiyer commented on June 16, 2024

Thanks for the explanation, Marcus. I would still say that the documentation is not clear and needs to be updated, but I'm not going to debate on this. You keep pointing me to the spring session link(https://docs.spring.io/spring-session/..) and that has a section that talks about the integration between spring session and spring security. I was using the link for spring security(https://docs.spring.io/spring-security/...) that has a section for configuring concurrent session control and that does not have any section for the integration with spring session. Nowhere does it say oauth requires spring-session in that link. Since you are actively working on the spring session project, it may all be very obvious to you. In any case, thanks for your help this. I really appreciate it.

from spring-session.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.