In my web app I have form-login for users and basic authentication for server-to-server API calls. Basic auth flow is stateless but form-login is not. When some one requests API with basic auth I got following warning in logs
Failed to create a session, as response has been committed.
After some research I found few topics with suggestion to use NullSecurityContextRepository or set <http create-session='never' /> I cannot use these solutions since it will break the form login flow.
How can I disable session creation only in basic auth flow?
Thanks
Aucun commentaire:
Enregistrer un commentaire