We've created an application that mimics the Spring Security API Gateway Pattern tutorial (https://spring.io/guides/tutorials/spring-security-and-angular-js/#_the_api_gateway_pattern_angular_js_and_spring_security_part_iv). The only variation is that we're using a MySQL database rather than Redis.
Using localhost:8080 as the root, we have localhost:8080/login (login page), localhost:8080/ui (jQuery client), and localhost:8080/api (RESTful web services, business logic, etc.).
We're finding that session handling and forwarding to the various entities work as expected, meaning the session gets created as expected, forwarding happens as expected, etc. There is one exception: if I log in, then log out, then go directly to localhost:8080/ui, it forwards me to the login page. You log in, and it forwards you back to localhost:8080/ui, but it displays "ACCESS DENIED"!
After tracking the sessions in the database and on the client, I've found that there are two sessions in the database: one with permissions and one without. The client retains the one without!
Has anyone else run into this problem? Is there a way to circumvent this?
Here's a list of the steps I went through, the database session tracking, and the client verification.
Step                                                             session_id                            principal_name  Client
------------------------------------------------------------------------------------------------------------------------------
1) go to localhost:8080                                          9229045c-27e0-410a-8711-45c56576d647  -               X
2) login                                                         2275db1c-fca4-4a2f-be73-e440599499d6  root            X
3) logout                                                        cc917e68-b1c0-46a4-bbe3-6705ccf7a5fa  -               X
4) go to localhost:8080/ui --> forwards to localhost:8080/login  cc917e68-b1c0-46a4-bbe3-6705ccf7a5fa  -               X
5) login -> forwards to localhost:8080/ui -> Access Denied       90d7931d-b265-42e2-a225-286bcf7d159c  -               X
                                                                 d2fae0ac-9cf9-4287-8e38-51f64b0ab28d  root
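One way to see what each of the two sessions from step 5 actually carries, as an added example that is not part of the original post. It assumes the Spring Session 1.x JDBC schema for MySQL (SPRING_SESSION and SPRING_SESSION_ATTRIBUTES, both keyed by SESSION_ID, with CREATION_TIME and LAST_ACCESS_TIME stored as epoch milliseconds); Spring Session 2.x adds a PRIMARY_ID column and joins attributes on SESSION_PRIMARY_ID, so the join condition has to change there. The query lists every session with its principal and flags whether it holds a SPRING_SECURITY_CONTEXT attribute, which is the key under which Spring Security's HttpSessionSecurityContextRepository stores the authenticated SecurityContext.

```sql
-- Added diagnostic query, not code from the original post or the Spring tutorial.
-- Assumption: Spring Session 1.x JDBC schema; for 2.x join on a.SESSION_PRIMARY_ID = s.PRIMARY_ID.
SELECT s.SESSION_ID,
       s.PRINCIPAL_NAME,
       FROM_UNIXTIME(s.CREATION_TIME / 1000)    AS created,
       FROM_UNIXTIME(s.LAST_ACCESS_TIME / 1000) AS last_access,
       -- 1 if the serialized SecurityContext is attached to this session, else 0
       MAX(a.ATTRIBUTE_NAME = 'SPRING_SECURITY_CONTEXT') AS has_security_context,
       -- every attribute name stored for the session, for comparison between the two rows
       GROUP_CONCAT(a.ATTRIBUTE_NAME ORDER BY a.ATTRIBUTE_NAME) AS attributes
FROM SPRING_SESSION s
LEFT JOIN SPRING_SESSION_ATTRIBUTES a ON a.SESSION_ID = s.SESSION_ID
GROUP BY s.SESSION_ID, s.PRINCIPAL_NAME, s.CREATION_TIME, s.LAST_ACCESS_TIME
ORDER BY s.CREATION_TIME;
```

Run it right after step 5 and compare the SESSION_ID values against the value of the SESSION cookie the browser is sending (Spring Session's default cookie name). The row the browser references should be the one with has_security_context = 1 and PRINCIPAL_NAME = root; if the cookie instead points at the row with no principal and no security context, the authentication landed in a session the client was never told about, which is the split the table above shows.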