Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-02-28 18:39:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clarify the behavior of Concurrent Session Management when an IdP is involved

Browse Source 
Closes gh-15071
This commit is contained in:
Marcus Hert Da Coregio 2024-06-05 13:59:24 -03:00
parent 0aed8df549
commit e013d96758
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/modules/ROOT/pages/reactive/authentication/concurrent-sessions-control.adoc
View File

@ -188,6 +188,12 @@ open fun reactiveSessionRegistry(): ReactiveSessionRegistry {
When the maximum number of sessions is exceeded, by default, the least recently used session(s) will be expired. When the maximum number of sessions is exceeded, by default, the least recently used session(s) will be expired.
If you want to change that behavior, you can <<concurrent-sessions-control-custom-strategy,customize the strategy used when the maximum number of sessions is exceeded>>. If you want to change that behavior, you can <<concurrent-sessions-control-custom-strategy,customize the strategy used when the maximum number of sessions is exceeded>>.
[IMPORTANT]
====
The Concurrent Session Management is not aware if there is another session in some Identity Provider that you might use via xref:reactive/oauth2/login/index.adoc[OAuth 2 Login] for example.
If you also need to invalidate the session against the Identity Provider you must <<concurrent-sessions-control-custom-strategy,include your own implementation of `ServerMaximumSessionsExceededHandler`>>.
====
[[concurrent-sessions-control-custom-strategy]] [[concurrent-sessions-control-custom-strategy]]
== Handling Maximum Number of Sessions Exceeded == Handling Maximum Number of Sessions Exceeded