Cookie-based Spring Security Session
If you need authentication within your Spring Boot web application, the natural choice is to use
Spring Security. It’s easy to use and, as long as you
stick close to the defaults, it’s also quite easy to configure. But, by sticking to those defaults, you will automatically
get a session that is persisted on the server-side. That’s a problem.