SecurityContextHolder remains with old sessionId after login

**pavel.orehov** · Jan 5th, 2012, 04:55 AM

Hello,

I'm using Spring Security 3.0.7 in web application which runs on JBoss 6.

The problem that I'm facing is that when I access SecurityContextHolder, after user was logged-in and session was revalidated, the SecurityContextHolder still holds an old session (before revalidation).

String sessionId = ((WebAuthenticationDetails)SecurityContextHolder.g etContext().getAuthentication().getDetails()).getS essionId();

So, I have sessions inconsistency between new revalidated session, which was sent to client browser and old session which for some reason was not updated in SecurityContextHolder.

I would expect that SecurityContextHolder will hold the same session which is hold by user browser.

Thanks,
Pavel

**Rob Winch** · Jan 5th, 2012, 09:10 AM

See http://forum.springsource.org/showth...oyed-sessionId

**pavel.orehov** · Jan 5th, 2012, 09:49 AM

So, is there any other way that I can retrieve current logged-in user sessionId in a static way like from SecurityContextHolder ?

Thread: SecurityContextHolder remains with old sessionId after login

Thread Tools

Display

SecurityContextHolder remains with old sessionId after login

Tags for this Thread

Posting Permissions