From 5ecc9c6785ae1e672b25f141339cca2fa9a91218 Mon Sep 17 00:00:00 2001
From: Gauthier Roebroeck
Date: Thu, 3 Mar 2022 08:46:48 +0800
Subject: [PATCH] fix(api): expired sessions would not be destroyed
---
 .../infrastructure/security/SecurityConfiguration.kt | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
index 03ad25d39..62cfcf72a 100644
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/SecurityConfiguration.kt
@@ -10,6 +10,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.builders.WebSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
+import org.springframework.security.core.session.SessionRegistry
 import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
@@ -33,6 +34,7 @@ class SecurityConfiguration(
 private val oidcUserService: OAuth2UserService,
 private val sessionCookieName: String,
 private val userAgentWebAuthenticationDetailsSource: WebAuthenticationDetailsSource,
+ private val sessionRegistry: SessionRegistry,
 clientRegistrationRepository: InMemoryClientRegistrationRepository?,
 ) : WebSecurityConfigurerAdapter() {
@@ -71,6 +73,12 @@ class SecurityConfiguration(
 it.deleteCookies(sessionCookieName)
 it.invalidateHttpSession(true)
 }
+ .sessionManagement { session ->
+ session.sessionConcurrency {
+ it.sessionRegistry(sessionRegistry)
+ it.maximumSessions(-1)
+ }
+ }
 if (oauth2Enabled) {
 http.oauth2Login { oauth2 ->
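Review bot: `it.maximumSessions(-1)` in the added `sessionConcurrency` block is an unexplained magic value: -1 places no cap on concurrent sessions per user, so the block appears to exist only to attach `sessionRegistry` to the filter chain so that expired sessions are invalidated. A comment above it would record that the missing limit is deliberate, e.g. `// -1 = unlimited; concurrency control is enabled only so the SessionRegistry is consulted and expired sessions are invalidated`. Since this configuration fronts an API, it is also worth confirming what a client holding an expired session receives: unless an `expiredSessionStrategy` is configured, Spring Security's default writes a plain-text message to the response body rather than returning a 401, which API clients may not treat as an authentication failure. The enclosing function starts and ends outside the hunk, so any such handling configured elsewhere is not visible here.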