I have spring boot application that runs in 4 instances. I used 1 Redis as centralized session management. Currently, the session was successfully stored in Redis. In my custom WebSecurityConfigurerAdapter I set the following by overriding configure function.
....
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
However, this configuration only works in single instance (by using normal and incognito mode). When, I accessed different instances (for example instance A and B) with same credential, the sessions were appended and none of them was invalidated. I followed some post by changing the bean of sessionRegistry
@Autowired
private FindByIndexNameSessionRepository<? extends Session> sessionRepository;
@Bean
public SessionRegistry sessionRegistry() {
return new SpringSessionBackedSessionRegistry<>(sessionRepository);
}
Instead of the app runs, I got an exception regarding bean creation of sessionRegistry.
Anyone has a suggestion to achieve how to ensure 1 user have only 1 active session? Thank you
