diff --git a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java index 72039a11..c64b802c 100644 --- a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java +++ b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java @@ -55,6 +55,11 @@ import org.springframework.session.SessionRepository; *
  • The client is notified that the session id is no longer valid with {@link HttpSessionStrategy#onInvalidateSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
  • * * + *

    + * The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response + * to ensure the session is overridden and persisted properly. + *

    + * * @since 1.0 * @author Rob Winch */
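Review bot: In the Javadoc paragraph added to the class comment, "any Filter that access the HttpSession" has a subject-verb disagreement and should read "any Filter that accesses the HttpSession". The type names Filter and HttpSession in that sentence would also read better wrapped in {@code ...}, in keeping with the {@link ...} markup used in the list item just above. The paragraph gives the ordering requirement but only implies the consequence of getting it wrong. Consider stating outright that a filter placed earlier in the chain which touches the session or commits the response will see a session that is not overridden or not persisted, so a reader diagnosing a misordered chain knows what symptom to expect.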