Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1724: Save the original request URL before redirecting to an invalidSessionUrl #1962

spring-issuemaster opened this Issue Apr 22, 2011 · 4 comments


None yet
1 participant

Ian Brandt (Migrated from SEC-1724) said:

Upon redirecting to a configured invalidSessionUrl SessionManagagementFilter currently does not save the original request URL to the RequestCache. If the invalidSessionUrl ultimately routes the user through a successful authentication, the SavedRequestAwareAuthenticationSuccessHandler can only redirect the user to the defaultTargetUrl.

See the linked forum reference for more details and a more specific use case.

Git merge request forthcoming...

Luke Taylor said:

Thanks for the patch. To be honest, I don't really like having the invalid-session stuff directly in the SessionManagagementFilter. I'd prefer to introduce an additional strategy which would handle this sort of thing and could encapsulate additional behaviour such as the use of the RequestCache. I will look into doing that prior to 3.1.

Ian Brandt said:

Perfect. My patch definitely has a single responsibility principle violation smell to it. As a newcomer I wasn't about to propose new API just to solve my specific issue, but if you think the additional strategy makes sense I couldn't agree more.

Luke Taylor said:

I've completed work on SEC-1754, which should allow you to plug in your own custom behaviour when an invalid session Id is detected.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment