When server is restarted while being logged in. Sometimes it's fail to login again. It's because some session and related cookie are remained in the spring security context.
I found following line in applicationContext-security.xml
<session-management invalid-session-url="/login" session-fixation-protection="migrateSession" />
- Indicates whether an existing session should be invalidated when a user authenticates and a new session
started. If set to "none" no change will be made. "newSession" will create a new empty session.
"migrateSession" will create a new session and copy the session attributes to the new session. Defaults to
We may need newSession instead here.