Nov 16th, 2010, 08:41 AM
How do I use Basic Authentication without creating sessions?
I have a server configured with Spring Security where the clients are authenticated using Basic Authentication. Each time a client is authenticated, Spring Security is creating a session and return it to the client as usual.
The problem is that my clients (programs) are not designed to pass the sessions back to server. Instead, they only pass back the Authorization header with the user credential values. This causes each request to be re-authenticated and Spring Security to create a brand new session for each client/server interaction. Obviously, this quickly and unnecessarily exhausts available session space in the system.
So my question is - how do I configure Spring Security to NOT create sessions at all in use cases like this? I did some searching around (including reference doc), and could not find pertaining information. Any information would be greatly appreciated.
Nov 16th, 2010, 08:30 PM
The easiest way is using the create-session attribute. If you have problems, refer to the FAQ.
Nov 17th, 2010, 07:26 AM
Thanks for the pointer.
Tags for this Thread