Spring Security Concurrency Control在Spring 4.0.4中无法运行

Question

我尝试在Spring security 4.0.4中实现并发控制。我使用form-login进行身份验证。这是我的security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:p="http://www.springframework.org/schema/p"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
                     http://www.springframework.org/schema/beans/spring-beans-4.2.xsd  
                     http://www.springframework.org/schema/security  
                     http://www.springframework.org/schema/security/spring-security-4.0.xsd ">


     <security:http auto-config="true" >  
          <security:custom-filter ref="myFilter" before="FORM_LOGIN_FILTER"/>
     <security:intercept-url pattern="/Welcome**" access="hasRole('ROLE_USER')" />  
     <security:intercept-url pattern="/admin**" access="hasRole('ADMINISTRATOR')"/>
     <security:intercept-url pattern="/Welcome**" access="isAuthenticated()"/>
     <security:intercept-url pattern="/hello" access="isAuthenticated()"/>
     <security:intercept-url pattern="/logout" access="isAnonymous()"/>
     <security:intercept-url pattern="/student" access="hasRole('STUDENT')"/>
      <security:intercept-url pattern="/failurl" access="hasRole('STUDENT1')"/>

    <security:session-management invalid-session-url="/access" session-fixation-protection="newSession" >
           <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/access"/>
        </security:session-management>
        <security:logout logout-success-url="/access" delete-cookies="JSESSIONID" /> 


    <security:form-login login-processing-url="/j_spring_security_check"
         login-page="/access" 
        default-target-url="/hello"
        username-parameter="username"
        password-parameter="password"
        authentication-failure-url="/fail"
        />

        <security:logout  logout-url="/j_spring_security_logout" logout-success-url="/logout"/>
        <security:csrf />

    </security:http>  



       <bean id="myFilter" class="com.www.sec.MyFilter">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>

        <security:authentication-manager alias="authenticationManager">
      <security:authentication-provider>
     <!--  <security:password-encoder hash="sha-256"/> -->
        <security:jdbc-user-service data-source-ref="dataSource"
                users-by-username-query=
                    "select username,password,enabled from user_details where username=?"
                authorities-by-username-query=
                    "select username,user_role from user_role where username =?" />
      </security:authentication-provider>
    </security:authentication-manager>



</beans>

监听器：

<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>

当我们在不同的浏览器中运行时，请同时登录，但我有2个会话处于活动状态。似乎并发控制不起作用。

如何使用form-login实现并发控制？