when using Spring Boot Security, by Bydefault JSESSIONID comes in the response header as a cookie when any API is invoked by the client.
http.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
after getting the request authenticated. spring by Bydefault sends this JSESSIONID in response header cookie.
Then the client invokes subsequent API calls and sends this JSESSIONID in the request header as a cookie for API to be authenticated using JSESSIONID by Spring Boot Security.
I want to configure Spring Boot Security in such a way that Spring Boot does not send JSESSIONID as a cookie header, but instead sends JSESSIONID in the header as JSESSIONID:<JSESSIONID-value>.
then when the client invokes the next Spring Boot Security process this JSESSIONID from the header identifies if the session is already authenticated.