SEC-2422: Session timeout not detected when enable CSRF protection #2642
settings is following:
Detected the session time-out when called GET method, but not detected session time-out when called POST method.
This behavior are best practice in the spring security?
Also When called POST method, i wanted to detect the session time-out.
The text was updated successfully, but these errors were encountered: