You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/modules/ROOT/pages/servlet/authentication/session-management.adoc
+7Lines changed: 7 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -534,6 +534,13 @@ public class MaximumSessionsPreventLoginTests {
534
534
If you are using a customized authentication filter for form-based login, then you have to configure concurrent session control support explicitly.
535
535
You can try it using the {gh-samples-url}/servlet/spring-boot/java/session-management/maximum-sessions-prevent-login[Maximum Sessions Prevent Login sample].
536
536
537
+
[NOTE]
538
+
=====
539
+
If you are using a custom implementation of `UserDetails`, ensure you override the **equals()** and **hashCode()** methods.
540
+
The default `SessionRegistry` implementation in Spring Security relies on an in-memory Map that uses these methods to correctly identify and manage user sessions.
541
+
Failing to override them may lead to issues where session tracking and user comparison behave unexpectedly.
542
+
=====
543
+
537
544
== Detecting Timeouts
538
545
539
546
Sessions expire on their own, and there is nothing that needs to be done to ensure that a security context gets removed.
0 commit comments