SEC-2120: Include exception message in logs for IllegalStateException in HttpSessionSecurityContextRepository.SaveToSessionResponseWrapper.createNewSessionIfAllowed()

[spring-projects-issues]

alt250 (Migrated from SEC-2120) said:

IllegalStateException exception message should be logged to allow finding the root cause of hard-to-reproduce issues with session creation in this context.
The reason being that "response has been committed" is not the only possible cause.

Stack trace can also be logged in debug mode.

        try {
            return request.getSession(true);
        } catch (IllegalStateException e) {
            // Response must already be committed, therefore can't create a new session
            logger.warn("Failed to create a session, as response has been committed. Unable to store SecurityContext."); <<< add more information here
        }