Hi folks, I think I made some progress ... I did debug the server side and the problem wasn't the SpringSecutiry or the Royale configuration. I was using a Chrome with all security disabled to allow communicating from a "file://" url to a "http://"; url to simplify debugging. If you do this no Cookies are used (which totally makes sense) and therefore for every request a new session is generated.
If I run the application in a normal chrome from "http://localhost:8080"; it seems everything works nicely. Now I have to find out how I can simplify my development workflow :-/ Chris Am 19.08.20, 09:37 schrieb "Christofer Dutz" <christofer.d...@c-ware.de>: Hi folks. So I’m currently porting my old Flex-Based framework to Royale and making some progress. While at it I’m also updating my Spring-based backend to the latest changes in Spring, SpringBoot and SpringSecutiry. A lot of things have become a lot simpler and most of the obstacles I had to jump 8 years ago seem to have been solved :-) One thing I’m currently having a little trouble with is: I create a ChannelSet in my Royale application and connect to BlazeDS without any trouble. As soon as I login on the channel set, I managed to link BlazeDS and SpringSecutiry to I correctly login in SpringSecurity. Problem is, as soon as you log in to SpringSecutiry, this creates a new http-session and invalidates the old one. Now as soon as I try to do something after logging in, I get a “DuplicateSession” error as the FlexClient is now tied to two sessions. Have you had the same problem and what was your solution to it? I don’t want to tell SpringSecurity not to create a new session as this actually makes a lot of sense from a security perspective. Chris
