From a5dde8b28f428d0d02f04feb35ed5d929ce41f8f Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Sun, 17 Jan 2010 14:41:24 +0000
Subject: [PATCH] Updated doc on invalid session detection.

Invalid session URL must typically be omitted from the filter chain to prevent an infinite loop.
---
 .../src/main/webapp/WEB-INF/applicationContext-security.xml     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
index 1a9a47abd7..1e3309df18 100644
--- a/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -33,7 +33,7 @@
         <x509 />
 -->
         <!-- Uncomment to limit the number of sessions a user can have -->
-        <session-management>
+        <session-management invalid-session-url="/something">
             <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
         </session-management>