- Secure session cookie settings and same-site setting
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.secure=true
server.servlet.session.cookie.same-site=NONE
- session control
https://www.baeldung.com/spring-security-session
Control the Session with Spring Security | Baeldung
Configure Sessions with Spring Security - set up Concurrent Sessions, enable Session Fixation Protection and prevent URLs from containing Session information.
- Clear site data on logout
https://www.baeldung.com/spring-security-clear-site-data-header
The Clear-Site-Data Header in Spring Security | Baeldung
Learn how to use Spring Security's ClearSiteDataHeaderWriter to add the HTTP Clear-Site-Data response header