I have a Spring Boot application which is always on guest mode. No login is used. The problem is that the same instance of the application is always used. If the shopping cart is filled with products its still the same when I open it from another browser or device.
How can I resolve this? Do I need to use Spring Security?
You can add spring security with permit all, no login, and it will manage your session automatically for each guest user, and will automatically add a user header JSESSIONID.
And you can tell spring to always create a user session in your web security config:
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
and if in future you will implement user authentication, you can easily limit maximum session/user by setting .maximumSessions() .
