From 688c8e5760a4a941acae2ebf5ebde5003d4d5eb2 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Mon, 19 Nov 2018 18:57:31 +0300 Subject: www: disable JSESSIONID --- src/main/java/com/juick/server/configuration/SecurityConfig.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/main/java/com/juick/server') diff --git a/src/main/java/com/juick/server/configuration/SecurityConfig.java b/src/main/java/com/juick/server/configuration/SecurityConfig.java index 37007f09..fd7b73e8 100644 --- a/src/main/java/com/juick/server/configuration/SecurityConfig.java +++ b/src/main/java/com/juick/server/configuration/SecurityConfig.java @@ -182,8 +182,9 @@ public class SecurityConfig { .anyRequest().permitAll() .and() .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) - .and() - .sessionManagement().invalidSessionUrl("/") + .and().sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .invalidSessionUrl("/") .and() .logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) -- cgit v1.2.3