Disable SpringSecurity's SavedRequest storing logic

Question

We are using Spring Security for managing authentication. The issue we are seeing is that when a user\'s session is timed out between bringing up a GET form and hitting the sav

Answer 1

There are two scenarios: 1) If you want that after relogin, user should always get forwarded to the default target URL instead of the orginal requested URL then put always-use-default-target="true" in your security.xml like

 
.....

1) If you want that on session timeout after relogin, user should forward to the orginal requested URL but you do not want to resubmit the form then put session-fixation-protection="newSession" in your security.xml like

 
.....

Please put session-management tag as first line in http configuration.