Does anybody notice another security issue? For example, a user didn't log out, and another user logged in. Then system gave alert You are already logged in
, and the system got new principle, but previous old session.
At this situation (two different users login), it seems that system needs to call identity.unAuthenticate() to , then invoke the event @Observer(JpaIdentityStore.EVENTUSERAUTHENTICATED)
. But system disregard the two different users as the same use. Thanks.