springsessionspring-mvcspring-security

What is "SessionManagementFilter - Requested session ID XXX is invalid" in Spring?


I have seen this sometimes in the debug for example,

DEBUG 2012-11-15 08:58:26: org.springframework.security.web.session.SessionManagementFilter - Requested session ID198F14EA1B74CB1377D895C812345678 is invalid.

Can anyone explain what it means, and what causes it happens? (Sorry for asking the basic question.)

Thanks


Solution

  • It means that the http session that has been requested has become invalidated. This is usually due to a timeout i.e. it's been too long since the last time that session has been used and it's been thrown away. In more practical terms, this usually happens because the browser you're connecting with has been left alone for too long.

    You can configure the behaviour you want to see when this happens by setting an InvalidSessionStrategy on the filter.