I'm extending HttpSessionEventPublisher and i want in my sessionDestroyed() method to differentiate between sessions that were timed out and ones that closed because of concurrency-control max sessions. Is there a flag in HttpSessionEvent or the authentication object? if not can i override the session closing that the concurrency-control do?
EDIT: I added a costume concurrentSessionControlAuthenticationStrategy but I get this error: Configuration problem: session-authentication-strategy-ref attribute cannot be used in combination with
my security.xml:
<security:session-management
session-authentication-strategy-ref="playerConcurrentSessionControlStrategy">
<security:concurrency-control
max-sessions="1" />
</security:session-management>
PlayerConcurrentSessionControlStrategy :
@Component
public class PlayerConcurrentSessionControlStrategy extends ConcurrentSessionControlStrategy
what to do?