stoken | RSA SecurID-compatible software token for Linux/UNIX systems

You can use std::bind_front to bind this to &test::member and pass it to jthread:

Your std::jthread code can be simplified to:

Replace function assigned to token to use an arrow function instead.

It didn't work because std::jthread has a special feature where, if the first parameter of a thread-function is a std::stop_token, it fills that token in by an internal stop_source object.

What you ought to do is only pass a stop_source (by value, not by reference), and extract the token from it within your thread function.

As for why this is better than a reference to an atomic, there are a myriad of reasons. The first being that stop_source is a lot safer than a bare reference to an object whose lifetime is not under the local control of the thread function. The second being that you don't have to do std::ref gymnastics to pass parameters. This can be a source of bugs since you might accidentally forget to do that in some place.

The standard stop_token mechanism has features beyond just requesting and responding to a stop. Since the response to a stop happens at an arbitrary time after issuing it, it may be necessary to execute some code when the stop is actually requested rather than when it is responded to. The stop_callback mechanism allows you to register a callback with a stop_token. This callback will be called in the thread of the stop_source::request_stop call (unless you register the callback after the stop was requested, in which case it's called right when you register it). This can be useful in limited cases, and it's not simple code to write yourself. Especially when all you have is an atomic.

And then there's simple readability. Passing a stop_source tells you exactly what is going on without having to even see the name of a parameter. Passing an atomic tells you very little from just the typename; you have to look at the parameter name or its usage in the function to know that it is for halting the thread.

Yes, there is a race condition.

In general with a condition variable, you must hold the mutex for some period between modifying the guarded state (usually a variable) and signaling the condition variable. If you do not, you can miss a signal.

Making your state an atomic variable does not avoid that problem.

The wait code for a cv first checks the state. If it fails, it then atomically drops the lock and waits on a signal.

If your stop token is set in that gap after it is checked, but before it waits, then the stop token calls notify all, that notify all won't be picked up by the condition variable.

The cv.notify_all() would have to be preceded by getting that lock. And that opens up a whole can of worms.

Do not use this code, it will probably break horribly due to double locking or a a myriad of other things, but in theory it looks like:

First, let's consider how concurrent session control works in a simple case, without a custom filter, in an application using form login.

A valid login request will arrive at the UsernamePasswordAuthenticationFilter.
In this filter, that the session concurrency limit is checked, by calling SessionAuthenticationStrategy#onAuthentication.
If the maximum limit is not exceeded then the user is logged in successfully. If the limit is exceeded then a SessionAuthenticationException is thrown which returns an error response to the user.

To have the same behaviour in a custom filter, you need to make sure that SessionAuthenticationStrategy#onAuthentication is called in the doFilter method.

One way to accomplish this is by creating a custom Configurer and applying it in the HttpSecurity configuration.

use ls -ld /usr/share to see what the permissions on the directory are (without -d, you get the contents and their permissions).

Use code like:

I've looked on the website and I think I've found the solution.

When you make a GET request you get neither the cookies or the stoken.

To get both of them you simply make a POST request and retrieve the session cookies.

Every time you make the requests with those cookies, the stoken value will not change.

I plan on saving those tokens within one worker class and sharing the value with the other worker classes.

Mutating configuration might work, but that's an odd way to approach this problem. The more natural approach would be to use something like IMemoryCache with well-known keys.

Note that the GetOrCreate and GetOrCreateAsync extension methods for IMemoryCache are not atomic. If you want an async-compatible "refresh this token, but if it's already being refreshed then share that refresh request" kind of operation, then you'll need to build that yourself. If you need that, I have an AsyncCache that can help.