DEV Community

Torsten Mandry
Torsten Mandry

Posted on

Cookie-based Spring Security Session

If you need authentication within your Spring Boot web application, the natural choice is to use
Spring Security. It's easy to use and, as long as you
stick close to the defaults, it's also quite easy to configure. But, by sticking to those defaults, you will automatically get a session that is persisted on the server-side. That's a problem if you want to run multiple instances of your application. And, additionally, it's not necessary, at least in most cases. There's another mechanism for keeping some user session state in a web application. It's called Cookie. And, instead of using it only to store a session identifier, why not let it hold the data itself. My blog post at shows, that, with some effort, it's possible to configure Spring Security to store its session information in a cookie instead of a server-side session.

Top comments (0)