Commit 6c44d44 changed things such that set-cookie headers are sent only for the number of cookies received in the request. This works if the client sends all requests in strictly sequential order, but fails if it sends requests in parallel. The following scenario illustrates this: 1. the client issues a request and receives 1 set-cookie (gsession-0). 2. the client issues 2 requests in parallel, each with this one cookie 3. the first response contains 2 set-cookie headers (gsession-0 and gsession-1) 4. the second response contains 1 set-cookie header (gsession-0). At this point the client now has 2 cookies, but "mismatched": one from each response. The next request will fail because the concatenated result of the two cookies will not be valid. So, this change reverts the behaviour introduced in the above commit, and we now always send N set-cookie headers (where N is the configured max cookie count).
removed unneeded dependencies that were conflicting plugins
…t7 + mongodb plugin
…response is committed added support for new classes in krysessionserializer for spring security