Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1353: SessionManagementFilter can invoke other filters after sending redirect #1597

spring-issuemaster opened this Issue Jan 6, 2010 · 1 comment


None yet
2 participants

Artem Anisimov (Migrated from SEC-1353) said:

SessionManagementFilter::doFilter() fails to stop request processing in branch "No security context or authentication present" (at SessionManagementFilter.java:89). More precisely, it does not return after calling redirectStrategy.sendRedirect(), but passes to the next filter.

This causes an error if there are controllers that define methods taking a HttpSession argument, because in this case AnnotationMethodHandlerAdapter attempts to call request.getSession(), which is not permitted after a redirect had been sent.

@spring-issuemaster spring-issuemaster added this to the 3.0.1 milestone Feb 5, 2016


rwinch commented Feb 6, 2016

This issue duplicates #1578

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment