Another very interesting feature that Spring provides is HTTP session management. It lets you decide on the session timeout, how many concurrent sessions an authenticated user can have, and session fixation protection. It also prevents a user from being authenticated to the application from more than one instance at the same time. This feature helps prevent a user from sharing their username to access the product from multiple locations. Session management is handled by `SessionManagementFilter` and `SessionAuthenticationStrategy`. Let's first find out how Spring Session management differs from traditional HTTP session management:
- Problems handling multiple accounts: Usually, many of us have more than one account: one for personal use and another for official use. If the application uses `HttpSession` to track whether the user is currently logged in, we have to log out of one account and then log in to the other account...
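
The session controls named at the start of this section (concurrent-session limit, session fixation protection, timeout), shown as an added configuration example that is not from the original text. It assumes Spring Security 5.5 or later with the lambda DSL; the class name `SessionSecurityConfig` and the `/login?...` URLs are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.session.HttpSessionEventPublisher;

// Hypothetical configuration class (added example, not the book's code).
@Configuration
@EnableWebSecurity
public class SessionSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .sessionManagement(session -> session
                // Session fixation protection: issue a new session ID at login
                // so an ID planted before authentication is useless afterwards.
                .sessionFixation(fixation -> fixation.changeSessionId())
                // Where to send requests that carry an unknown or timed-out ID.
                .invalidSessionUrl("/login?invalid")
                // Concurrent session control: one live session per user.
                .maximumSessions(1)
                // true  = reject the second login attempt;
                // false = (default) expire the oldest session instead.
                .maxSessionsPreventsLogin(true)
                .expiredUrl("/login?expired"));
        return http.build();
    }

    // Required for concurrent session control: forwards servlet session
    // create/destroy events to Spring Security so its session registry
    // forgets sessions that timed out. Without it, a user whose session
    // expired can stay locked out when maxSessionsPreventsLogin is true.
    @Bean
    public HttpSessionEventPublisher httpSessionEventPublisher() {
        return new HttpSessionEventPublisher();
    }

    // The session timeout itself is a servlet container setting, for example
    // <session-config><session-timeout>15</session-timeout></session-config>
    // in web.xml (minutes); it is not set through sessionManagement().
}
```

The concurrent-session count is keyed on the authenticated principal, so a custom `UserDetails` class must implement `equals()` and `hashCode()` consistently for the limit to be enforced.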