Announcement Announcement Module
No announcement yet.
cookie instead of session Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • cookie instead of session

    The current system use cookie as authentication method instead of HttpSession since we don't want session clustering across servers.

    But Spring Security basically seems to use HttpSession to authenticate.
    Is there any way to use cookie not HttpSession in version 2.x.

    Any hints or tricks are welcomed.

    Thanks in advance.

  • #2
    Spring security can use whatever you lkike. The default setup uses the HttpSessionContextIntegrationFilter which indeed stores/retrieves the SecurityContext in the Session. That is also the only place that the SecurityContext is retrieved/stored the remainder of Spring Security uses (or at least it should!) the SecurityContext so it isn't aware of anything.

    Simple create your own integration filter, take the SessionFilter as a starting point.


    • #3
      Alright. This is what I want.
      Thanks a lot.