Environment: Spring-Boot 2.1.9 with Thymeleaf 2.1.9.
Problem
The following error: "Cannot create a session after the response has been committed" occurred while handling parallel requests with SessionCreationPolicy.ifRequired (default).
Solution
Setting SessionCreationPolicy to always fixes the problem.
We assume that the automatic injection of the CSRF token into a form (handled during template rendering with Thymeleaf) leads to a race condition which sometimes will be persisted after the response chain is executed. Thus no session for persisting the CSRF token. We are not quite sure whether this is a bug of Thymeleaf, Spring-Boot or the pure Spring-Security framework.
Nonetheless, as we assume that this bug may occur to multiple organisations, we want to raise awareness of such an issue.
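The workaround described above, written as a Spring Security Java configuration for the Spring Boot 2.1.x line. This is an added example, not code from the issue reporter or from the Spring project; the class name `SecurityConfig`, the authorization rule and the form login are assumptions, and only the session policy comes from the issue.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical configuration class; the name is an assumption.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .sessionManagement()
                // Default: SessionCreationPolicy.IF_REQUIRED, where the HttpSession
                // is created lazily, the first time something asks for it. With a
                // session-backed CSRF token that first request can happen while the
                // template is rendering, after response bytes have been flushed.
                //
                // ALWAYS makes the security filter chain create the session eagerly,
                // before any view is rendered, so the token always has a session
                // to be stored in.
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                .and()
            // CSRF protection is left at its default (enabled, token kept in the
            // HTTP session); the workaround does not disable it.
            .authorizeRequests()
                .anyRequest().authenticated()   // assumed rule, not from the issue
                .and()
            .formLogin();                       // assumed login mechanism
    }
}
```

With `ALWAYS`, every request that passes through the filter chain gets a session, including unauthenticated ones, so session-store size and session timeout should be reviewed when applying this setting.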