spring-security spring-boot spring-session

Do I need some special setting to use "Automatic Session Alias Inclusion"?


Currently I'm trying to make a simple application that uses Spring Session (with Spring Security on Spring Boot).

It almost works well, but I'm stuck at one point.

Spring Session's guide said "Spring Session will automatically include the session alias in any URL",

but in my JSP it doesn't work.

So I have to write the code that includes the alias by hand:

    <c:url value="/index" var="indexUrl">
        <c:if test="${param._s != null}">
            <c:param name="_s" value="${param._s}" />
        </c:if>
    </c:url>
    <a id="indexLink" href="${indexUrl}">To Index</a>

In my IDE (Spring Tool Suite), the multi-user sample code works well, the same as in the guide, and I'm using the same version of JSTL in my app.

Well... perhaps I have to write more information about my question.

Sorry, but I can't guess which component affects this problem; maybe some part of the functionality of Spring Session or Boot.

Can anybody advise me which component is blocking "Automatic Session Alias Inclusion", or whether some setting is needed to use it?


Solution

  • This is a conflict between Spring Security and Spring Session. Spring Security is preventing the URL from being encoded to prevent the JSESSIONID from being exposed accidentally. To allow encoding you can use:

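    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .sessionManagement()
                    // Allow URLs to be encoded again so Spring Session can add the alias
                    .enableSessionUrlRewriting(true)
                    .and()
                // ...
                ;
        }
    }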
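
Added example, not part of the original answer or of Spring's code: since the setting above lifts the guard that kept the JSESSIONID out of encoded URLs, a check like this can be run over rendered links to confirm they carry only the `_s` alias and never a session id. The class name and the sample URLs are constructed for illustration; it assumes the container appends the id as a `;jsessionid=` path parameter.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: classifies URLs as produced by response.encodeURL() / <c:url>.
public class EncodedUrlCheck {

    enum Finding { PLAIN, ALIAS_ONLY, SESSION_ID_EXPOSED }

    // Path-parameter form of the session id, e.g. /index;jsessionid=ABC?x=1
    private static final Pattern SESSION_ID_PARAM =
            Pattern.compile(";jsessionid=[^;/?#]*", Pattern.CASE_INSENSITIVE);

    static Finding classify(String url) {
        // Drop the fragment, then split the path from the query string.
        int hash = url.indexOf('#');
        String noFragment = hash >= 0 ? url.substring(0, hash) : url;
        int q = noFragment.indexOf('?');
        String path = q >= 0 ? noFragment.substring(0, q) : noFragment;
        String query = q >= 0 ? noFragment.substring(q + 1) : "";

        if (SESSION_ID_PARAM.matcher(path).find()) {
            return Finding.SESSION_ID_EXPOSED;
        }
        // Accept both "&" and the HTML-escaped "&amp;" as separators.
        for (String pair : query.split("&(?:amp;)?")) {
            // "_s" is the alias parameter name used in the question's JSP.
            if (pair.equals("_s") || pair.startsWith("_s=")) {
                return Finding.ALIAS_ONLY;
            }
        }
        return Finding.PLAIN;
    }

    public static void main(String[] args) {
        // Constructed sample links, not taken from the original post.
        Map<String, Finding> expected = new LinkedHashMap<>();
        expected.put("/index", Finding.PLAIN);
        expected.put("/index?_s=1", Finding.ALIAS_ONLY);
        expected.put("/index?page=2&amp;_s=1#top", Finding.ALIAS_ONLY);
        expected.put("/index;jsessionid=CONSTRUCTED0123?_s=1", Finding.SESSION_ID_EXPOSED);
        expected.put("/index;JSESSIONID=CONSTRUCTED0123", Finding.SESSION_ID_EXPOSED);
        for (Map.Entry<String, Finding> e : expected.entrySet()) {
            Finding actual = classify(e.getKey());
            if (actual != e.getValue()) throw new IllegalStateException(e.getKey());
            System.out.println(actual + "  " + e.getKey());
        }
    }
}
```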