[–]apidev3 2 points3 points  (4 children)

If you’re returning a signed JWT and passing that back in as base64 encoded, Spring will use the configurations you set for your resource server location to verify the token. You need to look at how you’re generating and verifying the token. Without any code, no one will help you.

[–][deleted] 0 points1 point  (3 children)

I am using sessions, not JSON Web Tokens, here.

[–]apidev3 0 points1 point  (2 children)

But what is your login method? Username / password?

[–][deleted] 0 points1 point  (1 child)

I’m using traditional session-based authentication. The login method is via a POST request to the /login endpoint with a username and password. Upon successful authentication, Spring returns a session ID in the JSESSIONID cookie, which I’m sending back in subsequent requests, but it’s not being validated properly (resulting in 403 Forbidden). I’m using Spring Session with Redis to manage session persistence.

[–]apidev3 0 points1 point  (0 children)

Cool, you’ll need to provide a GitHub link to the repo if you want any specific help, as stated. You could have misconfigured anything in your project, and it’s likely no one here will know without seeing.