Springboot集成Security+redis进行分布式会话,报错:
Your servlet container did not change the session ID when a new session was created. You will not be adequately protected against session-fixation attacks
解决办法:
HttpSession htsession = request.getSession();
htsession.invalidate();
HttpSession newsession = request.getSession(true);
security.sessionManagement().sessionFixation().none();
亲测有效。