Spring Security
  1. Spring Security
  2. SEC-1424

Add new option create-session="stateless"

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Complete
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.1.0.M1
    • Component/s: Namespace
    • Labels:
      None

      Description

      create-session="stateless" would mean that the application guarantees that no session will be created. In this case, we should be able to use a null RequestCache in the ExceptionTranslationFilter and remove the RequestCacheFilter and SessionManagementFilter from the stack.

      This differs from the existing create-session="never" which means that Spring Security will not create a session, but will use an existing one if the application creates it.

        Activity

        Hide
        Luke Taylor added a comment -

        Done. In addition to the above changes, a NullSecurityContextRepository will be used with the SecurityContextPersistenceFilter.

        Show
        Luke Taylor added a comment - Done. In addition to the above changes, a NullSecurityContextRepository will be used with the SecurityContextPersistenceFilter.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Luke Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: