spring security custom sessionmanagementfilter same order value error

Question

I\'m trying to customize the session management filter of Spring Security, but I get the error saying that my filter and the default one have the same \'order\' value (altho

Answer 1

I've found the solution finally. I put it here if someone is interesting.

The way to disable the default session management filter is not by removing the <session-mangement> element from <http>, but by adding it with no session fixation protection:

<session-management session-fixation-protection="none" />

This way, the default session management filter doesn't fire, and you can add your custom filter in that position with no conflict in the filter chain.

I've checked it looking at the debug logs of spring security in my webapp.

Hope it helps someone.