SEC-1353: SessionManagementFilter can invoke other filters after sending redirect #1597

spring-issuemaster opened this Issue Jan 6, 2010 · 1 comment


None yet

2 participants


Artem Anisimov (Migrated from SEC-1353) said:

SessionManagementFilter::doFilter() fails to stop request processing in branch "No security context or authentication present" (at More precisely, it does not return after calling redirectStrategy.sendRedirect(), but passes to the next filter.

This causes an error if there are controllers that define methods taking a HttpSession argument, because in this case AnnotationMethodHandlerAdapter attempts to call request.getSession(), which is not permitted after a redirect had been sent.

@spring-issuemaster spring-issuemaster added this to the 3.0.1 milestone Feb 5, 2016
Spring member

This issue duplicates #1578

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment