I'm currently reading Spring in Action 3rd edition, and have been experimenting with Spring MVC. Everything works well, until I tried to 'port' my example webapp to a state
Accidental session creation is one of the most common sources of invalid bug reports in Spring Security (hence the FAQ you linked to in your comment above).
Spring Security's debugging filter can be useful if you're having issues with session creation. It will automatically log a message when a session is created, with a stacktrace indicating where it happened. It also provides other useful information with more human-readable output than standard log entries, so is useful in a development environment. If you're using Spring Security's namespace support, you just need to add the element
to your configuration.
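
The same idea as a plain servlet filter, for tracking down the caller when the debugging filter is not available. This is an added example, not Spring Security's own code or part of the original answer; the class name `SessionCreationTraceFilter` is hypothetical, and it assumes the `javax.servlet` API and that the filter is mapped in `web.xml` ahead of the rest of the filter chain.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

// Hypothetical development-only filter: reports which code path created the HTTP session.
public class SessionCreationTraceFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Wrap the request so every downstream getSession() call goes through the tracer.
        if (req instanceof HttpServletRequest) {
            req = new TracingRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    private static final class TracingRequest extends HttpServletRequestWrapper {
        TracingRequest(HttpServletRequest request) { super(request); }

        @Override
        public HttpSession getSession() { return getSession(true); }

        @Override
        public HttpSession getSession(boolean create) {
            boolean hadSession = super.getSession(false) != null;
            HttpSession session = super.getSession(create);
            if (!hadSession && session != null) {
                // Never thrown; it only carries the caller's stack trace.
                // The session id is deliberately left out of the log output.
                new IllegalStateException("HTTP session created for " + getRequestURI())
                        .printStackTrace();
            }
            return session;
        }
    }
}
```

Calls such as `getSession(false)` that find no session produce no output, so each trace points at code that actually forced a session into existence.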