From 688c8e5760a4a941acae2ebf5ebde5003d4d5eb2 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 19 Nov 2018 18:57:31 +0300
Subject: www: disable JSESSIONID

---
 src/main/java/com/juick/server/configuration/SecurityConfig.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/main/java/com')

diff --git a/src/main/java/com/juick/server/configuration/SecurityConfig.java b/src/main/java/com/juick/server/configuration/SecurityConfig.java
index 37007f09..fd7b73e8 100644
--- a/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/src/main/java/com/juick/server/configuration/SecurityConfig.java
@@ -182,8 +182,9 @@ public class SecurityConfig {
                     .anyRequest().permitAll()
                     .and()
                     .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
-                    .and()
-                    .sessionManagement().invalidSessionUrl("/")
+                    .and().sessionManagement()
+                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                    .invalidSessionUrl("/")
                     .and()
                     .logout()
                     .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
-- 
cgit v1.2.3