spring-security
Session control (secure cookie & same-site) & clearing site data on logout
張's blog
2020. 8. 27. 00:09
- Secure session cookie and same-site settings
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.secure=true
server.servlet.session.cookie.same-site=NONE
- session control
https://www.baeldung.com/spring-security-session
Control the Session with Spring Security | Baeldung
Configure Sessions with Spring Security - set up Concurrent Sessions, enable Session Fixation Protection and prevent URLs from containing Session information.
- Clearing site data on logout
https://www.baeldung.com/spring-security-clear-site-data-header
The Clear-Site-Data Header in Spring Security | Baeldung
Learn how to use Spring Security's ClearSiteDataHeaderWriter to add the HTTP Clear-Site-Data response header
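As an added example (not code from this blog or from the linked Baeldung articles), a Spring Security configuration covering the two linked topics: session control and the Clear-Site-Data header on logout. The class name, the one-session limit and the `JSESSIONID` cookie name are assumptions; the lambda DSL shown requires Spring Security 5.5 or later.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive;

@Configuration
@EnableWebSecurity
public class SessionSecurityConfig { // hypothetical class name

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Sends Clear-Site-Data: "cache", "cookies", "storage" on the logout response.
        // The writer only emits the header on secure (HTTPS) requests.
        HeaderWriterLogoutHandler clearSiteData = new HeaderWriterLogoutHandler(
                new ClearSiteDataHeaderWriter(
                        Directive.CACHE, Directive.COOKIES, Directive.STORAGE));

        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .sessionManagement(session -> session
                // Issue a new session id at login (session fixation protection).
                .sessionFixation(fixation -> fixation.migrateSession())
                // Assumed policy: at most one concurrent session per user.
                .maximumSessions(1))
            .logout(logout -> logout
                // Drop the server-side session and the session cookie,
                // then ask the browser to clear what it still holds.
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID") // assumed default cookie name
                .addLogoutHandler(clearSiteData));

        return http.build();
    }
}
```

With `same-site=NONE` as set above, browsers accept the session cookie only when it also carries the `Secure` attribute, so the `secure=true` property must stay enabled.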