Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
SEC-1424: Add new option create-session="stateless" #1667
create-session="stateless" would mean that the application guarantees that no session will be created. In this case, we should be able to use a null RequestCache in the ExceptionTranslationFilter and remove the RequestCacheFilter and SessionManagementFilter from the stack.
This differs from the existing create-session="never" which means that Spring Security will not create a session, but will use an existing one if the application creates it.