web.xml
file to keep Spring Security updated about session lifecycle events: <listener>
<listener-class> org.springframework.security.ui.session.HttpSessionEventPublisher </listener-class>
</listener>
Then add the following line to your application context file:
<http>
...
<concurrent-session-control max-sessions="1" />
</http>
This prevents concurrent logins. A second login will cause the first to be invalidated. To prevent a second login, use following configuration:
<http>
...
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
</http>
The second login will then be rejected.