httpSession.getAttribute("userId") returns null in spring Boot after some frequent API request from Angular front end

Question

I am working on an app which have Frontend implemented in Angular 5 while the back end is in Spring Boot, I am using JWT tokens for authentication. Problem which i am unable to figure out is that When a user logs in I set userId in HttpSession on back end to use userId in later request by the same user.

session.setAttribute("userId", userData.getUsername());

If the same user make requests to back end's RestControllers with some interval like half a second, httpSession is returned correctly, if I make very quick requests httpSession starts returning NULL. I am making requests from Angular like this from various services.

getMyAccountList(){
    return this.http.get('/api/account/getMyAccountList');
  }

If the cookie hasn't yet returned to identify the session then there is no session yet. — M. Deinum, Aug 02 '18 at 08:21

score 0 · Accepted Answer · answered Aug 02 '18 at 11:38

So i figured it out it was due Spring Security's Session Fixation behaviour, which is active by default. configuring HttpSecurity http in WebSecuirtyConfigurerAdapter can solve the problem. just need to add this configuration.

http.sessionManagement().sessionFixation().none();

also refer to this post : Apache Tomcat 7 Changing JSESSIONID on Every Request

httpSession.getAttribute("userId") returns null in spring Boot after some frequent API request from Angular front end

1 Answers1