Spring Security New session for each call to the Spring Boot server with JWT problem

I'm working to limit the number of sessions per user in Spring Boot, so as to limit the number of devices it can connect. this is my WebSecurityConfigurerAdapter:

http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).maximumSessions(10).maxSessionsPreventsLogin(true);

I tried to change SessionCreationPolicy in various states, or not declare it:

http.sessionManagement().maximumSessions(10).maxSessionsPreventsLogin(true);

every time I call the server, a new session is generated, up to exceeding the declared limit, so I am no longer authorized to make a call.

I noticed that the creation of the new session takes place in GenericFilterBean, exactly after running filterChain.doFilter (req, response)

I carry the file GenericFilterBean:

**@Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain filterChain) { ...

filterChain.doFilter(req, response); ... }**

do you know the way to avoid that every call to the server generates a new session? My goal is one session for each device. Thanks a lot for availability !!!

Comment From: jzheaux

Thanks for getting in touch! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.