Announcement Announcement Module
Collapse
No announcement yet.
SecurityContextHolder remains with old sessionId after login Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SecurityContextHolder remains with old sessionId after login

    Hello,

    I'm using Spring Security 3.0.7 in web application which runs on JBoss 6.

    The problem that I'm facing is that when I access SecurityContextHolder, after user was logged-in and session was revalidated, the SecurityContextHolder still holds an old session (before revalidation).

    String sessionId = ((WebAuthenticationDetails)SecurityContextHolder.g etContext().getAuthentication().getDetails()).getS essionId();

    So, I have sessions inconsistency between new revalidated session, which was sent to client browser and old session which for some reason was not updated in SecurityContextHolder.

    I would expect that SecurityContextHolder will hold the same session which is hold by user browser.

    Thanks,
    Pavel
    Last edited by pavel.orehov; Jan 5th, 2012, 05:05 AM.

  • #2
    See http://forum.springsource.org/showth...oyed-sessionId

    Comment


    • #3
      So, is there any other way that I can retrieve current logged-in user sessionId in a static way like from SecurityContextHolder ?

      Comment

      Working...
      X