I have a problem with my j2ee application using spring security. I set max-sessions in concurrent-session-control to 1. Now it works fine when I try to Login the second time it will stop me. But when I logout the other one and try to login again I still get this same message.
Your login attempt was not successful, try again.
Reason: Maximum sessions of 1 for this principal exceeded
I have this in my http security
<security:logout logout-url="/logout.do"
invalidate-session="true" logout-success-url="/logoutSuccess.do" />
<security:concurrent-session-control
max-sessions="1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />
Best Answer
It's been quite a while since you posted this, but if anyone else is having this problem I believe this behavior will occur if you don't add
org.springframework.security.web.session.HttpSessionEventPublisher
as a listener in your web.xml.See here: