From f633037d6b2ebe903bf05f235f7f0ba8cd8f1eb5 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Wed, 29 Jul 2015 11:22:57 -0500 Subject: [PATCH] Document SessionRepsitoryFilter ordering Fixes gh-172 --- .../session/web/http/SessionRepositoryFilter.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java index 72039a11..c64b802c 100644 --- a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java +++ b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java @@ -55,6 +55,11 @@ import org.springframework.session.SessionRepository; *
  • The client is notified that the session id is no longer valid with {@link HttpSessionStrategy#onInvalidateSession(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
  • * * + *

    + * The SessionRepositoryFilter must be placed before any Filter that access the HttpSession or that might commit the response + * to ensure the session is overridden and persisted properly. + *

    + * * @since 1.0 * @author Rob Winch */