Spring Security ServerRequestCacheWebFilter causes WebSession to be read every request

Summary

Currently the ServerRequestCacheWebFilter causes the WebSession to be read on every request. We should be able to limit this to only happening after authentication success happens.

Comment From: rwinch

One way we can do this is to cache the request in a cookie rather than the session

Comment From: jzheaux

While this is a nice feature to be able to cache the request in a cookie, is it still the case that if an application wants to cache the request in a session, the WebSession will be hit on every request? Is this something that we should address in a separate ticket?

Comment From: rwinch

The only place WebFlux support requires reading the session on every request is the request cache. This means that moving this to use a cookie will solve the problem. Another thing to point out is that we could solve this by adding a query parameter to the URL that signals a lookup should be performed.

Comment From: rwinch

This is important for the improvements to session management improvements

Comment From: rwinch

Closed via 28c0d1459cab448f1616831b60379393931a8586