Configuring expired session redirect
Fortunately, there is a simple way to direct users to a friendly page (typically the login page) when they are flagged by concurrent session control: specify the expired-url attribute (expiredUrl() in Java configuration) and set it to a valid page in your application. Update your SecurityConfig.java file as follows:
//src/main/java/com/packtpub/springsecurity/configuration/SecurityConfig.java
http.sessionManagement(session -> session
        .maximumSessions(1)
        .expiredUrl("/login/form?expired"));
In our application, this redirects the user to the standard login form. We then use the query parameter to display a friendly message indicating that we determined that they had multiple active sessions and should log in again. Update your login.html page to use this parameter to display our message:
//src/main/resources/templates/login.html
<div th:if="${param.expired != null}" class...
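One way to check the redirect configured above is a MockMvc regression test; this is an added example, not code from the book. It assumes a Spring Boot 3 test setup with spring-security-test on the classpath, the default behaviour of expiring the oldest session when the limit is exceeded, and placeholder values for the login processing URL and test account, which you must replace with your application's own.

```java
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class ExpiredSessionRedirectTests {

    // Placeholders (assumptions): use your own login processing URL and test account.
    private static final String LOGIN_PROCESSING_URL = "/login";
    private static final String USERNAME = "user@example.com";
    private static final String PASSWORD = "changeme";

    @Autowired
    private MockMvc mvc;

    // Logs in through the form-login filter and returns the authenticated session.
    private MockHttpSession login() throws Exception {
        return (MockHttpSession) mvc
                .perform(formLogin(LOGIN_PROCESSING_URL).user(USERNAME).password(PASSWORD))
                .andExpect(authenticated()) // fail fast if the placeholder credentials are wrong
                .andReturn().getRequest().getSession(false);
    }

    @Test
    void olderSessionIsSentToExpiredUrl() throws Exception {
        MockHttpSession first = login();
        login(); // second login for the same user exceeds maximumSessions(1)

        // The first session is now marked expired, so its next request is
        // logged out and redirected to the configured expired URL.
        mvc.perform(get("/").session(first))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrl("/login/form?expired"));
    }
}
```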