Spring-Security 5.0.0 STATELESS session

Question

I have a simple application that uses spring security to authenticate over LDAP. My Config is as follows

http
               .csrf()
               .disable();
       http
               .authorizeRequests()
               .mvcMatchers("/helloworld")
               .permitAll()
               .anyRequest()
               .authenticated()
               .and()
               .httpBasic()
               .and()
               .sessionManagement()
               .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

After login, I have a page that is build using an .xsl file that has a refresh mechanism at every 60 seconds. The refresh works but at some point, after couple of minutes, the popup for authentication is requested again. Why is this happening? Thank you and appreciate the response.

sounds weird! (but check your tomcat session/xsl caching timeouts (to match against "a couple of minutes")) and [this](https://stackoverflow.com/q/37820315/592355) looks related/shows a very detailed config. — xerx593, Jun 24 '21 at 13:05
spring-boot/tomcat(/web.xml) default is: 30 minutes (session timeout) — xerx593, Jun 24 '21 at 13:06
thanks for the answer. XSL, doesn't have a cache timeout. The refresh basically it only calls my rest controller once again, and for some reason after two or 3 minutes, login popup shows again. I need to login again and the story continues. — freecoderw, Jun 24 '21 at 13:43

Spring-Security 5.0.0 STATELESS session

0 Answers0