Jan 5th, 2012, 04:55 AM
SecurityContextHolder remains with old sessionId after login
I'm using Spring Security 3.0.7 in web application which runs on JBoss 6.
The problem that I'm facing is that when I access SecurityContextHolder, after user was logged-in and session was revalidated, the SecurityContextHolder still holds an old session (before revalidation).
String sessionId = ((WebAuthenticationDetails)SecurityContextHolder.g etContext().getAuthentication().getDetails()).getS essionId();
So, I have sessions inconsistency between new revalidated session, which was sent to client browser and old session which for some reason was not updated in SecurityContextHolder.
I would expect that SecurityContextHolder will hold the same session which is hold by user browser.
Last edited by pavel.orehov; Jan 5th, 2012 at 05:05 AM.
Jan 5th, 2012, 09:10 AM
Jan 5th, 2012, 09:49 AM
So, is there any other way that I can retrieve current logged-in user sessionId in a static way like from SecurityContextHolder ?
Tags for this Thread