spring-security not invalidating http sessions

I have a soap web service and i implemented a spring security authentication.

I generated a client which is used in the front end.

My problem is that each time the client makes a request the web-service generates a session and than the session just stays there, session never gets invalidated.

Here is my part of web.xml file:

<session-config> <session-timeout>1</session-timeout> </session-config>

What I need is that the session should get invalidated after each request.

Answers


Spring security http element has a attribute 'create-session' which can be set to 'stateless' after which a session will never be created.

E.g.

<http pattern="/restful/**" create-session="stateless">
  <intercept-url pattern='/**' access='ROLE_REMOTE' />
  <http-basic />
</http>

Documentation here:


Need Your Help

li-tags are vertically aligned in ul-tag but not the text itself

html css

My pen: http://codepen.io/helloworld/pen/pCdBe

Fetching Zend Framework's Database Session Data when not logged in

php zend-framework

I haven't been able to find any clear information on how to extract the session data that's inserted automatically by php upon visiting a page for the first time.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.