Improve session handling (#20)

Sporiff · web-flow · commit 7a63499d449b · 2025-11-24T12:21:42.000Z
diff --git a/src/main/java/org/openpodcastapi/opa/config/SecurityConfig.java b/src/main/java/org/openpodcastapi/opa/config/SecurityConfig.java
@@ -48,7 +48,7 @@ public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws
         http
                 .csrf(csrf -> csrf.ignoringRequestMatchers("/api/**", "/docs", "/docs/**"))
                 .sessionManagement(sm -> sm
-                        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)) // Stateless session
+                        .sessionCreationPolicy(SessionCreationPolicy.ALWAYS))
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers(publicPages).permitAll()
                         .requestMatchers(publicEndpoints).permitAll()
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
@@ -32,6 +32,9 @@ spring:
     type: redis
   session:
     timeout: 7d
+    redis:
+      namespace: "spring:session"
+      flush-mode: on_save
 
 server:
   port: 8080
