0 Replies Latest reply on Apr 28, 2011 7:59 PM by gus888

    Another security issue

    gus888

      Has anybody noticed another security issue? For example, a user didn't log out, and another user logged in. Then the system gave the alert "You are already logged in", and the system got the new principal, but the previous old session.


      In this situation (two different users log in), it seems that the system needs to call identity.unAuthenticate() to , then invoke the event @Observer(JpaIdentityStore.EVENT_USER_AUTHENTICATED). But the system disregards the two different users as the same user. Thanks.