Adam J.R. Erickson
Reputation: 1840
Using Spring Security Without Cookies
I need to implement session management in a Spring app for a mobile browser that doesn't support cookies. Can this be done by putting the session id in the querystring of a GET request? How do you manage this with Spring? Is there a built-in option I'm missing? Should I write my own auth filter? Are there special security issues to consider with this approach?
We're running Spring 2.0.6, so I'd be using Spring Security 2.
Upvotes: 5
Views: 2423
Answers (1)
Liam
Reputation: 2837
try using <http disable-url-rewriting="false">. This will append session id to the URL.
Upvotes: 1
Related Questions
- How to make spring boot never issue session cookie?
- How to do basic authentication using cookies in spring security?
- Authentication using cookies in spring boot
- can we avoid session hijacking using spring security?
- How to login by cookie with Spring Security?
- Spring Security session without using cookies
- Add a cookie during the Spring Security login
- Implementing Spring Security with Java Client
- Using Spring Security 3 with cookies
- Setting a cookie upon login in Spring Security 3.0