Hi,
while working on my own Spring / Vaadin 10 application I wanted to include Spring Security as the security framwork and as it is used in the full stack bakery app I did it the way it is implemented there.
Now that I’m finished with implementing Spring Security in my app I recognized a behaviour from which I thought it is “wrong”. But then I compared it with bakery and the behavior is the same:
After starting the app (spring-boot run) and calling localhost:8080 after logging in I open a new browser tab, enter localhost:8080, press enter and I am still logged in in that 2nd tab. This might be okay. But even if I open a anonymous tab in the browser and call localhost:8080 I am still logged in, even in the anonymous window/tab. I have to close all anonymous and non-anonymous tabs of my browser and then when opening the browser again and calling localhost:8080 I am landing on the login page again.
Is that a wanted/intended behaviour?
I thought when opening a new anonymous browser tab and calling localhost:8080 I would get a new session and so had to relogin.