I wonder if, with Spring Security, I can validate the user sessions, allowing only one browser tab open. Is it possible?
I would also like to know if I can do it, when the user closes the tab and open it again before the end of his session SessionFilter it from direct application, without going to the login screen.
I'm using JSF 1.2, RichFaces 3.3.3, Hibernate and co …
Detail: I know the spring security, I'm just researching it.
Now thanks and excuse me for my bad English.
See ya!
Best Answer
No. Spring Security cannot tell if the request was from the original tab or from a new tab - that information is strictly client-side. From http://static.springsource.org/spring-security/site/faq.html :