
SEC-1894: Add XML support for configuring custom InvalidSessionStrategy #2121

spring-projects-issues opened this issue Jan 19, 2012 · 1 comment
in: core status: ideal-for-contribution type: enhancement type: jira



spring-projects-issues commented Jan 19, 2012

Victor Polischuk (Migrated from SEC-1894) said:

There is no simple way to set up a custom strategy on session invalidation. While SessionManagementFilter has a setter for InvalidSessionStrategy, it cannot be used in XML configuration.

It would be great if an "invalid-session-strategy-ref" option were recognized, like "session-authentication-strategy-ref", which is already implemented.

Related gh-2000

spring-projects-issues added the in: core, Open, type: enhancement and type: jira labels Feb 5, 2016

djechelon commented Sep 21, 2016

Upvoted because I am currently blocked. With Security 4.1.3 I can't send AJAX-aware errors to POST requests without reconfiguring the invalid session strategy.

I have investigated and the CsrfFilter is injected with a DelegatingAccessDeniedHandler that is pre-populated with a map of access denied handlers.

Currently the map contains only a mapping between MissingCsrfTokenException.class and an invalidSessionDeniedHandler that ultimately is a redirect.

The result is that in my setup (CSRF enabled and custom authentication failure handler) I cannot send a proper AJAX response to invalid CSRF, which occurs when a session expires.
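The setter mentioned in the original report can be reached from an XML-configured application with a `BeanPostProcessor`. The sketch below is an added example, not code from Spring Security or from either commenter. The class names and the `X-Requested-With` check are assumptions, and it covers only the `SessionManagementFilter` path, not the `CsrfFilter` handler map described in the comment above.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionManagementFilter;
import org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy;

// Hypothetical helper: declare it as a <bean> in the context that holds the <http> element,
// passing the strategy as a constructor argument.
public class InvalidSessionStrategyInjector implements BeanPostProcessor {

    private final InvalidSessionStrategy strategy;

    public InvalidSessionStrategyInjector(InvalidSessionStrategy strategy) {
        this.strategy = strategy;
    }

    public Object postProcessBeforeInitialization(Object bean, String beanName) {
        return bean;
    }

    // Runs after the namespace has built the filter, so it overrides any invalid-session-url.
    public Object postProcessAfterInitialization(Object bean, String beanName) {
        if (bean instanceof SessionManagementFilter) {
            ((SessionManagementFilter) bean).setInvalidSessionStrategy(strategy);
        }
        return bean;
    }

    // Hypothetical strategy: status code for script callers, redirect for browser navigation.
    public static class AjaxAware implements InvalidSessionStrategy {
        private final InvalidSessionStrategy redirect;

        public AjaxAware(String invalidSessionUrl) {
            this.redirect = new SimpleRedirectInvalidSessionStrategy(invalidSessionUrl);
        }

        public void onInvalidSessionDetected(HttpServletRequest request, HttpServletResponse response)
                throws IOException, ServletException {
            // Assumption: the client marks AJAX calls with this header.
            if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                response.setContentType("application/json");
                response.getWriter().write("{\"error\":\"invalid_session\"}");
            } else {
                redirect.onInvalidSessionDetected(request, response);
            }
        }
    }
}
```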

rwinch removed the Open label May 3, 2019
rwinch added this to the 5.6.x milestone May 25, 2021
rwinch added the status: ideal-for-contribution label May 25, 2021