CSRF protection requires sessions

author: Vitaly Takmazov 2022-12-08 14:24:15 +0300
committer: Vitaly Takmazov 2022-12-08 14:24:15 +0300
commit: d46011fda6ce17537b9020af3688928b3281ccb8 (patch)
tree: 1df15ec1e5f747580fc18000a5ff087d210f2c44 /src/main/java/com
parent: c942dcfcb854d0c3411ea29c3f9b7cba29314371 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index ad24445b..b531e62f 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -177,8 +177,7 @@ public class SecurityConfig {
                         .configurationSource(corsConfigurationSource()))
                 .sessionManagement(
                         sessionManagement -> sessionManagement
-                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                                .invalidSessionUrl("/"))
+                                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS))
                 .logout(logout -> logout
                         .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                         .invalidateHttpSession(true)
author	Vitaly Takmazov	2022-12-08 14:24:15 +0300
committer	Vitaly Takmazov	2022-12-08 14:24:15 +0300
commit	d46011fda6ce17537b9020af3688928b3281ccb8 (patch)
tree	1df15ec1e5f747580fc18000a5ff087d210f2c44 /src/main/java/com
parent	c942dcfcb854d0c3411ea29c3f9b7cba29314371 (diff)