Menu
In my web application theres the requirement that each locale (accessible under the paths /de_DE/, /en_US/ etc.) respectively has it's own session. I did this by overwriting the session CookieGenerator so that it sets a path for the session cookies, so the browser sends the right session id for the accessed locale.
The problem I have now is that Spring Security changes the session ID after the login and generates a new session cookie somewhere. This cookie doesn't have the path I want it to. Where can I manipulate how Spring generates the session cookie?
505
JSESSIONID cookie is created by web container and send along with response to client.
If a Web server is using a cookie for session management it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.
Spring Security is very mature and widely used security framework for Java based web applications. It works perfectly with minimal configuration and following successful login returns JSESSIONID cookie which allows to re-authenticate client's consecutive calls as long as session doesn't expire.
Generally session stored in cookies.
Look at SessionManagementFilter as here all session related activities happens with the help of SessionAuthenticationStretegy classes.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
