From d46011fda6ce17537b9020af3688928b3281ccb8 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 8 Dec 2022 14:24:15 +0300
Subject: CSRF protection requires sessions

---
 src/main/java/com/juick/config/SecurityConfig.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src/main/java/com/juick/config/SecurityConfig.java')

diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index ad24445b..b531e62f 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -177,8 +177,7 @@ public class SecurityConfig {
                         .configurationSource(corsConfigurationSource()))
                 .sessionManagement(
                         sessionManagement -> sessionManagement
-                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-                                .invalidSessionUrl("/"))
+                                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS))
                 .logout(logout -> logout
                         .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                         .invalidateHttpSession(true)
-- 
cgit v1.2.3