I have an application which uses Spring Security. My problem arises if I try to log in, it fails, and I attempt again. What happens is that the session ID is still the same, and this creates problems. I have tried to run:
request.getSession(false).invalidate();
final HttpSession session = request.getSession(true);
When I do this I get serverError when I try to log in, which isn't logged anywhere (I suspect Spring Security is to blame...). Is there any way to force a new session on each login request when using Spring Security?
You will probably get NullPointerExceptions with
request.getSession(false).invalidate();
because getSession returns null when there is no session. So this will probably work if you do a null check before doing the invalidate.
HttpSession session = request.getSession(false);
if (session != null) {
    session.invalidate();
}
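An added example, not part of the original question or answer: the same null-checked invalidation placed in a Spring Security failure handler, so that every failed login discards the old session before the next attempt. The class name `SessionResettingFailureHandler` and the failure URL are hypothetical, and the `javax.servlet` imports are an assumption (newer Spring Security releases use `jakarta.servlet`).

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

/**
 * Hypothetical handler (name chosen for this example). Discards the current
 * session after a failed login so the next attempt gets a fresh session ID.
 */
public class SessionResettingFailureHandler extends SimpleUrlAuthenticationFailureHandler {

    public SessionResettingFailureHandler(String failureUrl) {
        super(failureUrl); // e.g. "/login?error" (assumed URL, not from the page)
    }

    @Override
    public void onAuthenticationFailure(HttpServletRequest request,
                                        HttpServletResponse response,
                                        AuthenticationException exception)
            throws IOException, ServletException {
        // getSession(false) never creates a session and returns null when none
        // exists, so the null check prevents the NullPointerException.
        HttpSession old = request.getSession(false);
        if (old != null) {
            try {
                old.invalidate();
            } catch (IllegalStateException alreadyInvalidated) {
                // The container already invalidated it (e.g. timeout); nothing to do.
            }
        }
        // The parent stores the exception and redirects to the failure URL. With
        // its defaults (redirect, session creation allowed) it calls
        // request.getSession(), which now creates a brand-new session.
        super.onAuthenticationFailure(request, response, exception);
    }
}
```

Register the handler on the form login (`failureHandler(...)` in Java config, `authentication-failure-handler-ref` in XML config). Anything kept in the old session, such as a saved request or a session-stored CSRF token, is lost when it is invalidated.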