Menu
I have a Spring web application that creates a session on each request, and I want to avoid this.
I have this configuration:
<security:http pattern="/**" auto-config='true' create-session="never" use-expressions="true">
<security:intercept-url pattern="/**" access="permitAll" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"/>
</security:authentication-provider>
</security:authentication-manager>
And I call a controller
@RequestMapping(method=RequestMethod.GET, value="/experiences", produces="application/json")
public String getExperiencesList(
HttpServletRequest request,
@RequestParam(value = "channel",required=true) String channel,
@RequestParam(value = "page",required=true) int page,
Model model) {
String path = "http://" + HOST + request.getContextPath();
model.addAttribute("json", experienceService.getExperiencesList(page,channel,path));
return "json";
}
This would be used through a mobile application and the same app could open infinite sessions, any idea how I can avoid this?.
Thanks.
349
asked May 28 '26 19:05
Ok, it's done, I restructured the security and added some changes.
Added the security config in other file with this:
<http pattern="/**" security="none" create-session="never"/>
In web.xml:
<http create-session="never"></http>
And added session="false" on jsp page.
It seems to works fine now.
95
answered May 30 '26 10:05
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With