Basically trying to figure out how a spring boot application implemented in Kotlin I am currently working on functions. I seeing the SecurityConfig create the securityFilterChain with the HttpSecurity object but in the application.yaml .sessionManagement().sessionCreationPolicy(STATELESS) oddly the application.yaml has spring.session.store-type=redis which to me seems at odds.In the Controller there is code to operate on the object returned by HttpServletRequest.getSession(false).
This is where my question arises. Is the servlet/application session managed completely outside of spring boot or is the spring.session.store-type-redis overriding the SessionCreationPolicy=stateless some how? Would RedisIndexedSessionRepository or the then be managing/maintaining the Spring Sessions, meaning the FindByIndexNameSessionRepository interface would be operable?
Not entirely sure how the two values interact, I ask because I am working on a Kafka consumer within the application that needs to update the session principal/attribute specific to the sessionid.