Recently in one of our projects, we added "<session-management invalid-session-url="/logout" />" to Spring security under <http> element and since then we started seeing a behavior, only when using multiple tabs on browsers.
When we start our application, on a browser tab in either FireFox or Internet Explorer, and we close the tab later and restart the application again in another tab, instead of the desired page, the spring is throwing us to /logout which I believe is due to the "invalid-session-url" added to spring security. But when we clear the history and cache and start over, it is working fine. Or if we start on a fresh browser (not tab) every time we do this, still it is working fine. Only when we start the application on a new tab, it is failing. So may be when the tab is closed, it is not closing the session, and we really do not need a session for our application to start with. May be this is more of a browser behavior , but does spring offer any tweaks to handle this situation. or may be I have completely misunderstood about "invalid-session-url". Either way, could some one guide me here ?