vkok / ac-spring-boot / issues / #12 - Disable use of HTTP session by Spring Security — Bitbucket

Issue #12 new

Kenny MacLeod created an issue 2016-03-02

By default Spring Security uses the HTTP session to store the authentication. This is convenient, but Connect add-ons should be stateless.

Comments (4)

mjensenbitbucket-bot
This is worse than just an inconvenience, server-to-server calls do not have access to the client http session. This means calls like static add-ons blueprints, or other integrations that don't come from the client browser simply wont work.
- 2016-03-14T15:44:49+00:00
Rafael Franco Account Deactivated
Yeah, static macros are not working at all. :(
- 2016-03-14T16:06:29+00:00
Kenny MacLeod reporter
- changed title to Disable use of HTTP session by Spring Security
- 2016-03-15T21:54:34+00:00
Vincent Kok repo owner
@mjensen Could you elaborate a little more on this use case? Would removing Spring relying on a session solve the issue or do I need to consider more details?
- 2016-04-04T10:56:41+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: new

Votes: 1

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!