Announcement Announcement Module
No announcement yet.
How do I use Basic Authentication without creating sessions? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do I use Basic Authentication without creating sessions?

    I have a server configured with Spring Security where the clients are authenticated using Basic Authentication. Each time a client is authenticated, Spring Security is creating a session and return it to the client as usual.

    The problem is that my clients (programs) are not designed to pass the sessions back to server. Instead, they only pass back the Authorization header with the user credential values. This causes each request to be re-authenticated and Spring Security to create a brand new session for each client/server interaction. Obviously, this quickly and unnecessarily exhausts available session space in the system.

    So my question is - how do I configure Spring Security to NOT create sessions at all in use cases like this? I did some searching around (including reference doc), and could not find pertaining information. Any information would be greatly appreciated.


  • #2
    The easiest way is using the create-session attribute. If you have problems, refer to the FAQ.


    • #3

      Thanks for the pointer.