From 7054a128d34035638aeb5cd81a74dc4e607c11e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ciar=C3=A1n=20Ainsworth?= <cda@sporiff.dev>
Date: Mon, 24 Nov 2025 13:19:47 +0100
Subject: [PATCH] Improve session handling

---
 .../java/org/openpodcastapi/opa/config/SecurityConfig.java     | 2 +-
 src/main/resources/application.yaml                            | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/openpodcastapi/opa/config/SecurityConfig.java b/src/main/java/org/openpodcastapi/opa/config/SecurityConfig.java
index 009b6fd..afad049 100644
--- a/src/main/java/org/openpodcastapi/opa/config/SecurityConfig.java
+++ b/src/main/java/org/openpodcastapi/opa/config/SecurityConfig.java
@@ -48,7 +48,7 @@ public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws
         http
                 .csrf(csrf -> csrf.ignoringRequestMatchers("/api/**", "/docs", "/docs/**"))
                 .sessionManagement(sm -> sm
-                        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)) // Stateless session
+                        .sessionCreationPolicy(SessionCreationPolicy.ALWAYS))
                 .authorizeHttpRequests(auth -> auth
                         .requestMatchers(publicPages).permitAll()
                         .requestMatchers(publicEndpoints).permitAll()
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index bed7284..8120227 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -32,6 +32,9 @@ spring:
     type: redis
   session:
     timeout: 7d
+    redis:
+      namespace: "spring:session"
+      flush-mode: on_save
 
 server:
   port: 8080