Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1777: Wrong class mentioned in log message #2011

spring-issuemaster opened this Issue Jul 7, 2011 · 1 comment


None yet
2 participants

Mikhail Mazursky (Migrated from SEC-1777) said:

The log message should mention HttpSessionSecurityContextRepository class instead of HttpSessionContextIntegrationFilter.

package org.springframework.security.web.context;

public class HttpSessionSecurityContextRepository implements SecurityContextRepository {
private HttpSession createNewSessionIfAllowed(SecurityContext context) {
if (!allowSessionCreation) {
if (logger.isDebugEnabled()) {
logger.debug("The HttpSession is currently null, and the "
+ "HttpSessionContextIntegrationFilter is prohibited from creating an HttpSession "
+ "(because the allowSessionCreation property is false) - SecurityContext thus not "
+ "stored for next request");

            return null;


Rob Winch said:

Thank you for taking the time to report this issue. A fix has been pushed out.

@spring-issuemaster spring-issuemaster added this to the 3.1.0.RC3 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment