Disable use of HTTP session by Spring Security
Issue #12
new
By default Spring Security uses the HTTP session to store the authentication. This is convenient, but Connect add-ons should be stateless.
Comments (4)
-
-
Account Deactivated Yeah, static macros are not working at all. :(
-
reporter - changed title to Disable use of HTTP session by Spring Security
-
repo owner @mjensen Could you elaborate a little more on this use case? Would removing Spring relying on a session solve the issue or do I need to consider more details?
- Log in to comment
This is worse than just an inconvenience, server-to-server calls do not have access to the client http session. This means calls like static add-ons blueprints, or other integrations that don't come from the client browser simply wont work.