Questions tagged [spring-session]

Spring Session provides a common infrastructure for managing user’s session information.

Spring Session provides a common infrastructure for managing user’s session information. This provides many Benefits including:

  • Accessing a session from any environment (i.e. web, messaging infrastructure, etc)

  • In a web environment

    • Support for clustering in a vendor neutral way

    • Pluggable strategy for determining the session id

    • Easily keep the HttpSession alive when a WebSocket is active

Resources

748 questions
0
votes
1 answer

JSESSIONID use existing session cookies

Spring Session uses a different format for its session cookies than Tomcat does. So if you implement Spring Session, even if you would name the session cookie JSESSIONID, all the users have to login again. This is a point where you potentially lose…
Marc
  • 6,773
  • 10
  • 44
  • 68
0
votes
0 answers

Forbid Spring Security to create new sessions on login

I implemented Spring Security and Spring Session in my project. Everything is fine, but I want to find an answer: how I can forbid Spring Security to create new sessions on login? Now it works like this: when user login SessionDestroyedEvent is…
jahra
  • 1,173
  • 1
  • 16
  • 41
0
votes
1 answer

Does Spring Session require servlet 3.0?

I'm looking at using the Spring Session library (http://projects.spring.io/spring-session/) and was wondering does using this API require a servlet 3.0 container? Will it work/run on a servlet 2.5 container?
Eric
  • 362
  • 1
  • 4
  • 15
0
votes
1 answer

Not getting SPRING.SESSION.ID from headers

I'm using spring session and AbstractSessionWebSocketMessageBrokerConfigurer and am trying to create a STOMP Websocket with support for Spring Security and Spring Session. I can't seem to get my session activated. I use webstomp-client to connect…
Marc
  • 6,773
  • 10
  • 44
  • 68
0
votes
1 answer

Spring Session Rest and AuthenticationManager

From the Spring Session Rest sample: http://docs.spring.io/spring-session/docs/current/reference/html5/guides/rest.html I have deployed the sample on Cloud Foundry and it works. I am wondering how the session is working with Spring Security…
shcoder
  • 3
  • 4
0
votes
0 answers

Spring CSRF forwarding/disabling

this is my sample application. GATEWAY is the entry point for all other applications. Basically it's the proxy. It's capable of csrf protection. When I access the url localhost:8080/login firstly csrf token is created for GATEWAY and then request is…
bilak
  • 4,526
  • 3
  • 35
  • 75
0
votes
1 answer

Spring Session store user credential only

I am currently Spring MVC 4 with Spring Data Neo4j/MongoDB/JPA. Everything works find until I need to use Spring Session Data Redis to share sessions between servers. The problem is that Spring Session intercept all the HttpSession and store them in…
Steven Luo
  • 2,350
  • 3
  • 18
  • 35
0
votes
1 answer

Spring Session security config and multiple contextLoaderListener classes exception

I am trying to integrate Spring Session 1.2.0 to an existing Spring MVC project with already configured Spring Security. I have done configuration according to…
Nordkraft
  • 125
  • 2
  • 9
0
votes
1 answer

Use existing Spring Boot dataSource for spring-session-jdbc

In my spring-boot application I have an existing dataSource, which I use for Hibernate and/or JdbcTemplate. I am planning to use spring-session with spring-session-jdbc in the future. Can the already existing and configured dataSource of the…
yglodt
  • 13,807
  • 14
  • 91
  • 127
0
votes
2 answers

CSRF protection and Spring Session header session strategy

In my spring based rest API, I'm using spring-session with HeaderHttpSessionStrategy. Given cookies are not used at all (session id is sent as a header), do I still need to worry about CSRF attacks? I would say I'm safe, and I have read people…
jsc
  • 143
  • 1
  • 8
0
votes
2 answers

Spring REST webservice and session persistence

I have this Spring webservice test code: @RestController @RequestMapping("/counter") public class CounterController { @Autowired private Counter counter; @RequestMapping(value = "/inc", method = GET) public int inc()…
Plebios
  • 835
  • 1
  • 7
  • 17
0
votes
0 answers

Switching User Management in Spring Boot

I tried the example application in Spring documentation about user switching, but I tried to implement it in Spring boot, I added the filter and in the configure method I added the filter before the BasicAuthenticationHanlder. The code is as…
0
votes
1 answer

Spring Session Spring Security Rest API and Redis

I am new to using Spring Session and Spring Security. Hope can get help. I want to use Spring Session and Spring Security on REST API and using Redis to store the session information. I followed the sample from…
user6094158
  • 23
  • 1
  • 5
0
votes
3 answers

Session invalidate not working

< ?xml version="1.0" encoding="UTF-8"?> < beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" …
Srinath Murugula
  • 560
  • 1
  • 8
  • 30
0
votes
1 answer

Spring Boot + Spring Session HttpSessionListener not working

I have a spring boot (1.3.2) app in which I have implemented a HttpSessionListener. I registered the listener from a @Configration class @Configuration @EnableRedisHttpSession public class ApplicationSessionConfiguration { @Bean public…
user1610338
  • 29
  • 2
  • 4