Added additional info on concurrent session usage

2009-12-28 14:32:54 +00:00 · 2009-12-28 14:32:54 +00:00 · 0aab19ed4b
parent 744ed95b51
commit 0aab19ed4b
1 changed files with 8 additions and 4 deletions
--- a/docs/manual/src/docbook/session-mgmt.xml
+++ b/docs/manual/src/docbook/session-mgmt.xml
@ -62,10 +62,14 @@
    <para>Spring Security is able to prevent a principal from concurrently authenticating to the
      same application more than a specified number of times. Many ISVs take advantage of this to
      enforce licensing, whilst network administrators like this feature because it helps prevent
-      people from sharing login names. You can, for example, stop user "Batman" from logging onto
-      the web application from two different sessions.</para>
-    <para>This feature is supported by the namespace, so please check the earlier namespace chapter
-      for the simplest configuration. Sometimes you need to customize things though. </para>
+      people from sharing login names. You can, for example, stop user <quote>Batman</quote> from
+      logging onto the web application from two different sessions. You can either expire their
+      previous login or you can report an error when they try to log in again, preventing the second
+      login. Note that if you are using the second approach, a user who has not explicitly logged
+      out (but who has just closed their browser, for example) will not be able to log in again
+      until their original session expires.</para>
+    <para>Concurrency control is supported by the namespace, so please check the earlier namespace
+      chapter for the simplest configuration. Sometimes you need to customize things though. </para>
    <para>The implementation uses a specialized version of
        <interfacename>SessionAuthenticationStrategy</interfacename>, called
        <classname>ConcurrentSessionControlStrategy</classname>. <note><para>Previously the