You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+3-2Lines changed: 3 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -199,8 +199,9 @@ public SessionManagementConfigurer<H> sessionAuthenticationFailureHandler(
199
199
/**
200
200
* If set to true, allows HTTP sessions to be rewritten in the URLs when using
201
201
* {@link HttpServletResponse#encodeRedirectURL(String)} or
202
-
* {@link HttpServletResponse#encodeURL(String)}, otherwise disallows HTTP sessions to
203
-
* be included in the URL. This prevents leaking information to external domains.
202
+
* {@link HttpServletResponse#encodeURL(String)}, otherwise disallows all URL
203
+
* rewriting, including resource chain functionality.
204
+
* This prevents leaking information to external domains.
204
205
* @param enableSessionUrlRewriting true if should allow the JSESSIONID to be
205
206
* rewritten into the URLs, else false (default)
206
207
* @return the {@link SessionManagementConfigurer} for further customization
0 commit comments