Vaadin + Spring Security = UIDL vs non UIDL request

We have implemented spring security and only allow one user to be logged in under the same user name at one time.

When somebody logs into an account they will boot the existing user.

The next thing the previous user does will cause a session timeout to be thrown by spring. We’d like to message to the user what has happened.
“I.e Sombody just killed your session because they logged in with your usernme”

This is pretty easy to do typically, but enter VAADIN.

Typically we’d just provide a special url to the login screen which displays the message.

Well in VAADIN we have to account for the fact that there may have been a UIDL request. So if VAADIN is expecting UIDL but gets a redirect it throws a communication error.
But if I send back a UIDL redirect that won’t work if someone happens to hit enter the browser location or use a bookmark.


Does anybody have any tips on debugging the ApplicationConnection?

I’m assuming I’m going to need to customize it.