I was looking at this blog: Use React and Spring Boot to Build a Simple CRUD App to build a webapp (REST based) where the UI will be React, and we will use OKTA for Authentication & Authorization. The backend will be in Spring Boot suite. While looking at that blog, I found that it uses httpSession to set an attribute like this:
request.getSession().setAttribute("SPRING_SECURITY_SAVED_REQUEST", new SimpleSavedRequest(referrer));
My question is: Do we also need to handle HTTP session replication issues if we use multiple instances of the webapp (the server part which uses Spring Boot)? Please let me know if this is the correct approach to go for or not.
Yes, if you're using Spring Security with oauth2Login(), you will need to replicate your session. If you're just using oauth2ResourceServer(), you do not need to replicate because it's stateless.
For session replication, I recommend using Spring Session with Redis.
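The distinction drawn in the answer above, as an added configuration sketch that is not from the blog or from either poster. It assumes Spring Security 6 with `spring-session-data-redis` and a Redis connection already configured for the application; the `/api/**` path split and the class and bean names are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;

// Hypothetical class name. @EnableRedisHttpSession replaces the container's
// HttpSession with one stored in Redis, so every instance behind the load
// balancer sees the same session attributes (including the saved request
// and the OAuth2 authorization request state).
@Configuration
@EnableRedisHttpSession
public class SecurityConfig {

    // Stateless chain: each request carries a bearer token that is validated
    // on its own, so nothing is stored server-side and nothing needs replicating.
    // The /api/** matcher is an assumption made for this example.
    @Bean
    @Order(1)
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/api/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .sessionManagement(s ->
                s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }

    // Session-based chain: oauth2Login() keeps the authenticated user and the
    // in-flight login redirect in the HttpSession. Without a shared store,
    // a callback that lands on a different instance loses that state.
    @Bean
    @Order(2)
    SecurityFilterChain browserChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2Login(Customizer.withDefaults());
        return http.build();
    }
}
```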