上一篇:【认证、授权攻略三(10)、spring security 记住我功能】
web.xml添加配置如下:
<!-- 防用户重复登录 -->
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
spring-security.xml配置文件
http元素下添加:
<security:http create-session="ifRequired">
<!-- session管理 -->
<security:session-management invalid-session-url="/login.jsp" session-fixation-protection="migrateSession">
<security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</security:session-management>
</security:http>
invalid-session-url:session 失效的重定向页面,注意不需要认证;
concurrency-contro