The following error occurs when a request is made after the session has timed out in an environment where Spring Security is installed.
It happens because Spring Security's CSRF protection stores the CSRF token in the HTTP session by default; once the session expires the stored token is gone, so the token check on the next request fails.
To avoid this, you can specify where to redirect on session timeout with invalidSessionUrl(), as in the following code.
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Redirect requests that arrive with an expired/invalid session id to /timeout
        http.sessionManagement().invalidSessionUrl("/timeout");
    }
}
```
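As an added example (not from the original post), here is the same configuration expanded into something runnable: the /timeout page is explicitly permitted for unauthenticated access, since otherwise the redirect would only bounce the user to the login page, and a minimal controller serves it. The controller, the view name "timeout" and the form-login setup are assumptions for illustration.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // The timeout page must be reachable without a valid session,
                // otherwise the redirect target itself requires login.
                .antMatchers("/timeout").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            // CSRF protection stays enabled (the default); the token is kept in the HttpSession.
            // Requests carrying an expired session id are sent to /timeout instead of failing the CSRF check.
            .sessionManagement()
                .invalidSessionUrl("/timeout");
    }
}

// Hypothetical controller that renders the timeout page (assumes a "timeout" view template exists).
@Controller
class TimeoutController {

    @GetMapping("/timeout")
    public String timeout() {
        return "timeout";
    }
}
```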