Cookie-based Spring Security Session
If you need authentication within your Spring Boot web application, the natural choice is to use
Spring Security. It’s easy to use and, as long as you
stick close to the defaults, it’s also quite easy to configure. But, by sticking to those defaults, you will automatically
get a session that is persisted on the server-side. That’s a problem
if you want to run multiple instances of your application. It’s also not necessary, at least in most cases.
There’s another mechanism for keeping some user session state in a web application: the cookie. Instead of
using it only to store a session identifier, why not let it hold the data itself? This blog post shows that, with some
effort, it’s possible to configure Spring Security to store its session information in a cookie instead of a server-side
session.
