I have a Spring-AngularJS application. The primary issue is that I get logged out immediately after getting logged in. This issue happens only on a few Firefox versions (35.0.1, for example).
After investigating a bit into the issue, I figured out the following:
- The first call to Spring Security after login provides us with the response cookie:
  GET /login
  Request cookie: BBBBBB
  Response cookie: AAAAAA
- Since /login is a redirect (302) to the home page, below is the first request after login:
  GET /#/
  Request cookie: AAAAAA
- Next, a few requests for resources are made (e.g. CSS, etc.):
  GET /resources/abc.min.css
  Request cookie: CCCCCC
  GET /resources/pqr.min.css
  Request cookie: CCCCCC
  As you can see above, the request cookie is updated (I have no idea where it is coming from).
- After this, we request the Spring API to fetch user information. Spring immediately rejects this because it thinks the session is invalid.
To provide more information on our server architecture, we have our application WAR in Tomcat 7, which is behind an Apache server. A load balancer is on top of the Apache server performing the load balancing.
Could someone shed some light on this? Any help would be great!
Thank You!
One thing that may be causing this is if you have mixed secure/non-secure content. Your http requests will have a different session cookie than your https requests.
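
One way to check a captured request trace for the situation this answer describes, as an added example that is not part of the original thread: it flags requests whose session cookie differs from the one the server last issued and notes whether the scheme changed. The cookie name `JSESSIONID`, the host `app.example`, the schemes and the `Secure` flag are assumptions; the question does not show them.

```python
from urllib.parse import urlsplit

SESSION_COOKIE = "JSESSIONID"  # assumption: Tomcat's default session cookie name

# Constructed trace modelled on the question. The schemes and the Secure flag
# are assumptions; the question shows only paths and cookie values.
# Each entry: (request URL, Cookie request header, Set-Cookie response header or None)
TRACE = [
    ("https://app.example/login", "JSESSIONID=BBBBBB",
     "JSESSIONID=AAAAAA; Path=/; Secure; HttpOnly"),
    ("https://app.example/", "JSESSIONID=AAAAAA", None),
    ("http://app.example/resources/abc.min.css", "JSESSIONID=CCCCCC", None),
    ("http://app.example/resources/pqr.min.css", "JSESSIONID=CCCCCC", None),
]

def cookie_value(header, name=SESSION_COOKIE):
    """Return the value of `name` from a Cookie or Set-Cookie header, or None."""
    for part in (header or "").split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def has_secure_flag(set_cookie):
    """True if the Set-Cookie header carries the Secure attribute."""
    return "secure" in [p.strip().lower() for p in set_cookie.split(";")[1:]]

def find_session_switches(trace):
    """Flag requests whose session cookie differs from the one last issued."""
    findings = []
    issued = None  # (value, scheme it was set over, Secure flag)
    for url, cookie_hdr, set_cookie in trace:
        scheme = urlsplit(url).scheme
        sent = cookie_value(cookie_hdr)
        if issued and sent != issued[0]:
            value, set_scheme, secure = issued
            if secure and scheme == "http":
                # Browsers do not send Secure cookies over plain HTTP.
                reason = "Secure cookie withheld on plain HTTP"
            elif scheme != set_scheme:
                reason = "scheme changed"
            else:
                reason = "unexplained change"
            findings.append((url, value, sent, reason))
        new = cookie_value(set_cookie)
        if new is not None:
            issued = (new, scheme, has_secure_flag(set_cookie))
    return findings
```

An empty result on a real trace means the session cookie never diverged from what the server issued, so the cause lies elsewhere.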