Spring Security processAutoLoginCookie Concurrency problem - Inconsistent token value

Thanks for all the great work, just a minor problem maybe worth mentioning.

Setup I have spring-boot app using spring-security with token based authentication(tomcat) on the backend and using angular in the frontend. I have run the following on linux and osx with different results. Both are tomcat 8.0.20 and both run jdk 1.8. (Copied the osx tomcat to linux so it must be the same config)

Problem When the angular app refreshes, many requests are being made async by the browser,(eg jpg,css,html,rest via angular $resource ) so the server is hit with a a bunch of requests that require auth, and if the token is expired, each request will think it is the one that needs to update the token. There seem to be difference successive calls for SecurityContextHolder populated with remember-me token on linux (more than once) vs osx (once which is correct).

The important point here is the RememberMeAuthenticationFilter running linux something with SecurityContextHolder.getContext().getAuthentication() must be null for linux only? Any help on why this is happening under linux only. I have also checked for any other spring-security jars in the path.

Example Linux Ubuntu 14 LTS - (Fail)

8:49.901 [http-nio-8080-exec-1] DEBUG o.s.s.web.FilterChainProxy - /index.html has an empty filter list
8:50.333 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 1 of 17 in additional filter chain; firing Filter: 'SessionRepositoryFilter'
8:50.333 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 2 of 17 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
8:50.334 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 3 of 17 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
8:50.339 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 4 of 17 in additional filter chain; firing Filter: 'HeaderWriterFilter'
8:50.340 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 5 of 17 in additional filter chain; firing Filter: 'CsrfFilter'
8:50.342 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 6 of 17 in additional filter chain; firing Filter: 'CsrfHeaderFilter'
8:50.346 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 7 of 17 in additional filter chain; firing Filter: 'LogoutFilter'
8:50.346 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 8 of 17 in additional filter chain; firing Filter: 'SocialAuthenticationFilter'
8:50.347 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 9 of 17 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
8:50.347 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 10 of 17 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
8:50.347 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 11 of 17 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
8:50.347 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 12 of 17 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
8:50.349 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 13 of 17 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
8:50.350 [http-nio-8080-exec-2] DEBUG c.n.s.CustomRememberMeServices - Remember-me cookie detected
8:50.362 [http-nio-8080-exec-2] INFO  c.n.s.CustomRememberMeServices - presentedToken=3WF2WeukwKftAJSmqcszXw== / tokenValue=3WF2WeukwKftAJSmqcszXw==
8:50.363 [http-nio-8080-exec-2] DEBUG c.n.s.CustomRememberMeServices - Refreshing persistent login token for user '40d6cf70-eb0d-11e5-ab27-b70af1cf561b', series 'hCAg3qoZszR44Sl+3bwrbA=='
8:50.396 [http-nio-8080-exec-2] DEBUG c.n.s.CustomRememberMeServices - Remember-me cookie accepted
8:50.399 [http-nio-8080-exec-2] DEBUG o.s.s.w.a.r.RememberMeAuthenticationFilter - SecurityContextHolder populated with remember-me token: 'org.springframework.security.authentication.RememberMeAuthenticationToken@b7f4d9ef: Principal: domain.entity.UserAccount@1265b812; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 10.0.1.97; SessionId: e095429c-8f02-45e8-a1be-4c05d453213c; Granted Authorities: domain.entity.UserAccount$1@5a6e9e39'
8:50.400 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 14 of 17 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
8:50.400 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 15 of 17 in additional filter chain; firing Filter: 'SessionManagementFilter'
8:50.401 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 16 of 17 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
8:50.402 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 17 of 17 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
8:50.407 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me reached end of additional filter chain; proceeding with original chain
8:50.473 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 1 of 17 in additional filter chain; firing Filter: 'SessionRepositoryFilter'
8:50.473 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 2 of 17 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
8:50.473 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 3 of 17 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
8:50.473 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 4 of 17 in additional filter chain; firing Filter: 'HeaderWriterFilter'
8:50.474 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 5 of 17 in additional filter chain; firing Filter: 'CsrfFilter'
8:50.474 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 6 of 17 in additional filter chain; firing Filter: 'CsrfHeaderFilter'
8:50.475 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 7 of 17 in additional filter chain; firing Filter: 'LogoutFilter'
8:50.475 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 8 of 17 in additional filter chain; firing Filter: 'SocialAuthenticationFilter'
8:50.476 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 9 of 17 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
8:50.476 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 10 of 17 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
8:50.476 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 11 of 17 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
8:50.476 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 12 of 17 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
8:50.477 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 13 of 17 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
8:50.477 [http-nio-8080-exec-3] DEBUG c.n.s.CustomRememberMeServices - Remember-me cookie detected
8:50.479 [http-nio-8080-exec-3] INFO  c.n.s.CustomRememberMeServices - presentedToken=3WF2WeukwKftAJSmqcszXw== / tokenValue=3WF2WeukwKftAJSmqcszXw==
8:50.480 [http-nio-8080-exec-3] DEBUG c.n.s.CustomRememberMeServices - Refreshing persistent login token for user '40d6cf70-eb0d-11e5-ab27-b70af1cf561b', series 'hCAg3qoZszR44Sl+3bwrbA=='
8:50.485 [http-nio-8080-exec-3] DEBUG c.n.s.CustomRememberMeServices - Remember-me cookie accepted
8:50.485 [http-nio-8080-exec-3] DEBUG o.s.s.w.a.r.RememberMeAuthenticationFilter - SecurityContextHolder populated with remember-me token: 'org.springframework.security.authentication.RememberMeAuthenticationToken@9ed6e93a: Principal: domain.entity.UserAccount@3e0ca486; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@166c8: RemoteIpAddress: 10.0.1.97; SessionId: 7f178f7e-9deb-48a8-8cb0-11fdc0cfbb7c; Granted Authorities: domain.entity.UserAccount$1@5f24d4b0'
8:50.485 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 14 of 17 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
8:50.485 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 15 of 17 in additional filter chain; firing Filter: 'SessionManagementFilter'
8:50.486 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 16 of 17 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
8:50.486 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 17 of 17 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
8:50.487 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html reached end of additional filter chain; proceeding with original chain
8:50.532 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 1 of 17 in additional filter chain; firing Filter: 'SessionRepositoryFilter'
8:50.532 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 2 of 17 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
8:50.532 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 3 of 17 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
8:50.532 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 4 of 17 in additional filter chain; firing Filter: 'HeaderWriterFilter'
8:50.533 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 5 of 17 in additional filter chain; firing Filter: 'CsrfFilter'
8:50.533 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 6 of 17 in additional filter chain; firing Filter: 'CsrfHeaderFilter'
8:50.534 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 7 of 17 in additional filter chain; firing Filter: 'LogoutFilter'
8:50.534 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 8 of 17 in additional filter chain; firing Filter: 'SocialAuthenticationFilter'
8:50.534 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 9 of 17 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
8:50.534 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 10 of 17 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
8:50.534 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 11 of 17 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
8:50.535 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 12 of 17 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
8:50.535 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/dashboard-welcome.html at position 13 of 17 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
8:50.535 [http-nio-8080-exec-4] DEBUG c.n.s.CustomRememberMeServices - Remember-me cookie detected
8:50.538 [http-nio-8080-exec-4] INFO  c.n.s.CustomRememberMeServices - presentedToken=d8KmezDzDWY5qDmnpkwv7g== / tokenValue=3WF2WeukwKftAJSmqcszXw==
8:50.551 [http-nio-8080-exec-4] DEBUG c.n.s.CustomRememberMeServices - Cancelling cookie
8:50.557 [http-nio-8080-exec-4] ERROR o.s.b.c.web.ErrorPageFilter - Forwarding to error page from request [/views/dashboard/dashboard-welcome.html] due to exception [Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.]

* Same exact code Example OSX 10.11 (Success)*

43.271 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 1 of 17 in additional filter chain; firing Filter: 'SessionRepositoryFilter'
43.271 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 2 of 17 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
43.271 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 3 of 17 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
43.272 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 4 of 17 in additional filter chain; firing Filter: 'HeaderWriterFilter'
43.272 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 5 of 17 in additional filter chain; firing Filter: 'CsrfFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 6 of 17 in additional filter chain; firing Filter: 'CsrfHeaderFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 7 of 17 in additional filter chain; firing Filter: 'LogoutFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 8 of 17 in additional filter chain; firing Filter: 'SocialAuthenticationFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 9 of 17 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 10 of 17 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 11 of 17 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 12 of 17 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
43.273 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 13 of 17 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
43.273 [http-nio-8080-exec-4] DEBUG c.n.s.CustomRememberMeServices - Remember-me cookie detected
43.279 [http-nio-8080-exec-4] INFO  c.n.s.CustomRememberMeServices - presentedToken=3Ifnd+Wlk+NfrFiMI1/CSA== / tokenValue=3Ifnd+Wlk+NfrFiMI1/CSA==
43.279 [http-nio-8080-exec-4] DEBUG c.n.s.CustomRememberMeServices - Refreshing persistent login token for user '99b83c60-e4e5-11e5-9e25-7d115cec7b94', series 'dItXFSVFDGUXEFvORjY0Hw=='
43.281 [http-nio-8080-exec-9] DEBUG o.s.s.web.FilterChainProxy - /bower_components/sockjs-client/dist/sockjs.min.js has an empty filter list
43.281 [http-nio-8080-exec-7] DEBUG o.s.s.web.FilterChainProxy - /bower_components/ngQueue/ngQueue.min.js has an empty filter list
43.281 [http-nio-8080-exec-6] DEBUG o.s.s.web.FilterChainProxy - /scripts/controllers/_common.js has an empty filter list
43.283 [http-nio-8080-exec-3] DEBUG o.s.s.web.FilterChainProxy - /bower_components/ng-file-upload/ng-file-upload.min.js has an empty filter list
43.283 [http-nio-8080-exec-2] DEBUG o.s.s.web.FilterChainProxy - /js/moment.min.js has an empty filter list
43.287 [http-nio-8080-exec-8] DEBUG o.s.s.web.FilterChainProxy - /scripts/controllers/watchlist.js has an empty filter list
43.296 [achilles-default-executor-2] INFO  c.n.s.CustomRememberMeServices - --Updated series/token dItXFSVFDGUXEFvORjY0Hw== / mrCFnefzdeBTvV+1Kslo9w==
43.298 [http-nio-8080-exec-4] DEBUG c.n.s.CustomRememberMeServices - Remember-me cookie accepted
43.299 [http-nio-8080-exec-4] DEBUG o.s.s.w.a.r.RememberMeAuthenticationFilter - SecurityContextHolder populated with remember-me token: 'org.springframework.security.authentication.RememberMeAuthenticationToken@f98b2bf6: Principal: domain.entity.UserAccount@4b069562; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2c7a2ac6-c846-41b1-b75d-d014839ccc36; Granted Authorities: domain.entity.UserAccount$1@4d724150'
43.299 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 14 of 17 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
43.299 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 15 of 17 in additional filter chain; firing Filter: 'SessionManagementFilter'
43.301 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 16 of 17 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
43.301 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me at position 17 of 17 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
43.301 [http-nio-8080-exec-4] DEBUG o.s.s.web.FilterChainProxy - /api/remember-me reached end of additional filter chain; proceeding with original chain
43.367 [http-nio-8080-exec-1] DEBUG o.s.s.web.FilterChainProxy - /bower_components/stomp-websocket/lib/stomp.min.js has an empty filter list
43.367 [http-nio-8080-exec-10] DEBUG o.s.s.web.FilterChainProxy - /bower_components/angular-moment/angular-moment.min.js has an empty filter list
43.380 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 1 of 17 in additional filter chain; firing Filter: 'SessionRepositoryFilter'
43.380 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 2 of 17 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
43.380 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 3 of 17 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 4 of 17 in additional filter chain; firing Filter: 'HeaderWriterFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 5 of 17 in additional filter chain; firing Filter: 'CsrfFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 6 of 17 in additional filter chain; firing Filter: 'CsrfHeaderFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 7 of 17 in additional filter chain; firing Filter: 'LogoutFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 8 of 17 in additional filter chain; firing Filter: 'SocialAuthenticationFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 9 of 17 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 10 of 17 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 11 of 17 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 12 of 17 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 13 of 17 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.w.a.r.RememberMeAuthenticationFilter - SecurityContextHolder not populated with remember-me token, as it already contained: 'org.springframework.security.authentication.RememberMeAuthenticationToken@dbffc2e7: Principal: domain.entity.UserAccount@4203dbf4; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2c7a2ac6-c846-41b1-b75d-d014839ccc36; Granted Authorities: domain.entity.UserAccount$1@6603e6d7'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 14 of 17 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 15 of 17 in additional filter chain; firing Filter: 'SessionManagementFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 16 of 17 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
43.381 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html at position 17 of 17 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
43.382 [http-nio-8080-exec-5] DEBUG o.s.s.web.FilterChainProxy - /views/dashboard/_common.html reached end of additional filter chain; proceeding with original chain

Final Thoughts It may be something odd with the server configuration or how the Filter Chain, I will do some more investigation, glancing at the code for AbstractRememberMeServices.autoLogin() does not check for a current login, but that should be handled by the RememberMeAuthenticationFilter

-Jim

Comment From: marcusdacoregio

This seems to be a duplicate of https://github.com/spring-projects/spring-security/issues/2648