
I'm using spring-boot + OAuth2 with Redis managing sessions. I would save some data in one request and retrieve the data in another. And I use the X-Auth-Token header to identify sessions, as shown below:

```java
@Bean
public HttpSessionIdResolver httpSessionIdResolver() {
    return HeaderHttpSessionIdResolver.xAuthToken();
}
```

I noticed that I got a new X-Auth-Token with every response and I have to use the new one (from the response, instead of the one that I used in the request) to be able to access the session data.

Screenshot from Postman:

This seems quite unnecessary (does this mean that data is being moved around in Redis all the time?), and I wonder if there are settings that I can use to just use one X-Auth-Token instead.

barbsan
devvjj
  • Did you find the solution? – Vinayak Dornala Jun 26 '19 at 18:21
  • I can't remember exactly the solution (not a perfect one either): it seems to have something to do with `SessionCreationPolicy`. You can try to set it to `IF_REQUIRED` (by default it's `NEVER`) in your configuration: `public void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED); }` – devvjj Jun 28 '19 at 08:31

0 Answers