I'm using Spring Boot version 1.5.13. I can set the upper limit on concurrent sessions using the below code snippet in a configuration class -
http.sessionManagement().maximumSession($max_sesssions)
However, I want to know the default value of this limit.
The default is to allow any number of sessions per user. I navigated through the source code and found out the value is set to -1 for allowing any number of sessions by default.
Below is the snippet from ConcurrentSessionControlAuthenticationStrategy class -
/**
* Sets the <tt>maxSessions</tt> property. The default value is 1. Use -1 for
* unlimited sessions.
*
* @param maximumSessions the maximimum number of permitted sessions a user can have
* open simultaneously.
*/
public void setMaximumSessions(int maximumSessions) {
Assert.isTrue(
maximumSessions != 0,
"MaximumLogins must be either -1 to allow unlimited logins, or a positive integer to specify a maximum");
this.maximumSessions = maximumSessions;
}