spring-session
spring-session copied to clipboard
spring-projects
Spring Session
Hi, is it possible to completely omit `Path` attribute of a cookie? From what I can see in `DefaultCookieSerializer` it doesn't seem possible. I believe this can be useful in...
**Describe the bug** We noticed in our app using MapSessionRepository that when the app is hit by more than one concurrent request from the same session (with a unique attribute...
Due to limitations of the underlying data store, `JdbcOperationsSessionRepository` has no session event publishing capabilities. However, since many projects do include a publish-subscribe broker of some sort, it could make...
# Summary `SessionRepositoryFilter` wraps the incoming `HttpServletRequest` and alters the expected `SecurityContext` retrieval when performing `MockMvc` requests. # Configuration Once setting up **Spring Security** + **Spring Session** + **Spring Session...
The [OWASP session management](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Session_Management_Cheat_Sheet.md#renewal-timeout) best practices recommend using a renewal session timeout. Seems like spring session does not support renewal timeouts. It would be nice for the library to accommodate...
In reviewing (first) the `2.0.5.RELEASE` (and then (double checking) `2.0.6.RELEASE`) [Javadoc](https://docs.spring.io/spring-session/docs/2.0.6.RELEASE/api/org/springframework/session/web/http/SessionRepositoryFilter.html) for `SessionRepositoryFilter`, I noticed that it oddly extends `java.lang.Object` and not `o.s.session.web.http.OncePerRequestFilter`, as it clearly [does](https://github.com/spring-projects/spring-session/blob/2.0.6.RELEASE/spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java#L76). I have not...
In specific circumstances there is still a concrete chance to run into concurrency issues. The reason lies in the use of the MERGE SQL statement which, albeit elegant, doesn't prevent...
**Describe the bug** I am using the spring-session solution: cas-server, springboot, spring-session, session-jdbc, and embedded Tomcat, which integrates spring-session and session-jdbc. -Dorg.apache.catalina.connector.RECYCLE_FACADES=true is configured for Tomcat, However, an exception occurs...
Hi, I have integerated spring session jdbc but when login successfully and session is created and store in Spring_session, then password field getting blank. Password field contain after login ''...
Hi, Could you please help me to clarify something: I've noticed that all Sessions that are retrieved from HazelcastSessionRepository are the copies of basic sessions that stored in MapProxyImpl instance....
