jesse-gallagher
commented
5 years ago It looks like there are at least two culprits that end up spawning a Servlet session currently:
- Darwino, via form-based auth
- Krazo, for its CSRF filter
Closed jesse-gallagher closed 5 years ago
jesse-gallagher
commented
5 years ago It looks like there are at least two culprits that end up spawning a Servlet session currently:
The only way it's used in the app is for logged-in users - ideally, it wouldn't send any cookies at all for anonymous users.