GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '6.3.x' into 6.4.x

pull/17169/head
Josh Cummings 7 months ago
parent
233a6651cc a4cd6f4278
commit
fbfb28456a
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
1 changed files with 7 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      docs/modules/ROOT/pages/servlet/authentication/session-management.adoc

7
docs/modules/ROOT/pages/servlet/authentication/session-management.adoc
Unescape View File

@ -534,6 +534,13 @@ public class MaximumSessionsPreventLoginTests { @@ -534,6 +534,13 @@ public class MaximumSessionsPreventLoginTests {
If you are using a customized authentication filter for form-based login, then you have to configure concurrent session control support explicitly.
You can try it using the {gh-samples-url}/servlet/spring-boot/java/session-management/maximum-sessions-prevent-login[Maximum Sessions Prevent Login sample].
[NOTE]
=====
If you are using a custom implementation of `UserDetails`, ensure you override the **equals()** and **hashCode()** methods.
The default `SessionRegistry` implementation in Spring Security relies on an in-memory Map that uses these methods to correctly identify and manage user sessions.
Failing to override them may lead to issues where session tracking and user comparison behave unexpectedly.
=====
== Detecting Timeouts
Sessions expire on their own, and there is nothing that needs to be done to ensure that a security context gets removed.

Write Preview
Loading…
Cancel
Save