[Acegisecurity-developer] Concurrent session check and username primary key issue

[Herryanto Siatono]

I'm absolutely impressed with the architecture of Acegi Security, how clean Acegi classes link up to each other, but I encountered an issue when trying to use ConcurrentSessionControllerImpl. I stepped through the code, and I realised that it does not work when UserDetails.getUsername() is overridden with user's primary key after successful login. Simply because the session check is performed before the actual authentication takes place using the login username e.g. 'user1', while the registration of new session takes place after successful authentication using the already overriden .getUsername() with the user's primary key, e.g. '101'. So the ConcurrentLogin exception is never thrown in such case. Just wondering if there's a known workaround? Or Should I just avoid using the user primary key as the username? Thx.   Herry