These are chat archives for spring-cloud/spring-cloud
Found the problem I think.
When calling the resource server it’s calling ChangeSessionIdAuthenticationStrategy.
And if I have multiple ajax requests on the go to the same server, one of the requests will come first and return a Set-Cookie changing the session id. And if the other requests have already been asked, they have the wrong session id, since it’s been changed.
I know the ChangeSessionIdAuthenticationStrategy is there to help prevent session fixation. but is there a work around?
I think i figured it out. since the Resource server is stateless, but the SSO isn’t, i needed to add
to the @EnableResourceServer config otherwise it was interfering with the sso session