Spring Security--session management

Just as with QQ, where logging in on one mobile phone pushes another mobile phone offline: this is called session management.

It is very simple. By default, the same user can log in any number of times at once. Once session management is enabled, multiple simultaneous logins are not allowed.

What is a session?

Put simply, one user in one browser counts as one session. In Google's browser, for example, if you add a guest login, the new window that opens is another session.

Different browsers are also different sessions.

We only need a simple configuration to get the effect of logging in here and being logged out there.

Add the following configuration to the security configuration chain:

We set the maximum number of concurrent sessions to 1, that is, a user can only be logged in on one device.

Note: some people will add further configuration after this and see it flagged in red. What should you do? Add an and().

As long as the return type of and() is HttpSecurity, you do not need to add any more; if it is not, add another one.

Here is why there are two and() calls.

As shown in the figure, you can configure other session policies at this level, such as what to do when the limit is exceeded: whether to kick out the previous session or do something else. In other words, the session policy has further settings of its own, and you are currently at the session configuration level. When you call and(), you return to the level where the session option itself was selected.

Similarly, once you are back at that level, you can configure the other options that sit beside the session policy.

You can think of this chain as a menu: .sessionManagement() takes you into one menu level, and .maximumSessions(1) takes you into another level below it, so you need to go back twice, that is, two and() calls.

On the server, Spring Security maintains a session registry. Every logged-in user is registered in it. It is essentially a map: the key is the user object, and the value holds all of that user's session objects, Map<User, List<Session>>.

When the user logs out, the user's session is destroyed, but the session recorded in the map is not removed automatically, so on logout the user's corresponding session must also be removed from the List.

This is also very simple, you only need to register a Bean in the spring container.

At this point, some people will run into a problem: the session setting does not seem to work however they look at it. The maximum number of sessions is set to 1, yet other sessions can still log in, and the earlier one is not logged out. Why is that?

Let's go back to the map, Map<User, List<Session>>. The key of the map is the current user object, and using an object as a map key generally requires overriding its equals and hashCode methods. Otherwise, because the User object is newly created on every login, each login is treated as a different key, and that is the problem.

Let's override these methods in User:

 

The user name is already unique, so I select only the user name here, then keep clicking Next until the end.
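
The effect of the missing equals and hashCode on the registry map, as an added example that is not code from the original post. Registry is a simplified, hypothetical stand-in for the Map<User, List<Session>> described above, not Spring Security's own class, and PlainUser, KeyedUser, the user name and the session ids are constructed for illustration.

```java
import java.util.*;

// Added illustration: Registry is a hypothetical stand-in for the session
// registry map, not Spring Security code. User names and ids are constructed.
public class SessionRegistryDemo {
    // Principal created fresh on each login, no equals/hashCode (failing case).
    static class PlainUser {
        final String username;
        PlainUser(String username) { this.username = username; }
    }

    // Same principal, identity based on the unique user name (the fix).
    static class KeyedUser {
        final String username;
        KeyedUser(String username) { this.username = username; }
        @Override public boolean equals(Object o) {
            return o instanceof KeyedUser && username.equals(((KeyedUser) o).username);
        }
        @Override public int hashCode() { return username.hashCode(); }
    }

    // principal -> session ids, oldest first, capped at max per principal.
    static class Registry<P> {
        private final Map<P, List<String>> sessions = new HashMap<>();
        private final int max;
        Registry(int max) { this.max = max; }

        // Registers a session and returns the older ids expired to respect max.
        List<String> login(P principal, String sessionId) {
            List<String> list = sessions.computeIfAbsent(principal, k -> new ArrayList<>());
            List<String> expired = new ArrayList<>();
            while (!list.isEmpty() && list.size() >= max) expired.add(list.remove(0));
            list.add(sessionId);
            return expired;
        }
        int principals() { return sessions.size(); }
    }

    public static void main(String[] args) {
        Registry<PlainUser> broken = new Registry<>(1);
        broken.login(new PlainUser("alice"), "S1");
        List<String> e1 = broken.login(new PlainUser("alice"), "S2");
        System.out.println("plain: expired=" + e1 + " keys=" + broken.principals());

        Registry<KeyedUser> fixed = new Registry<>(1);
        fixed.login(new KeyedUser("alice"), "S1");
        List<String> e2 = fixed.login(new KeyedUser("alice"), "S2");
        System.out.println("keyed: expired=" + e2 + " keys=" + fixed.principals());
    }
}
```

With PlainUser each login lands under a new key, so the limit of 1 never sees the earlier session and nothing is expired; with KeyedUser the second login finds the first session under the same key and expires it.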

 

 Restart and see the effect.

All configurations are now in effect.


Origin blog.csdn.net/a2285786446/article/details/131183669