diff --git a/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java b/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java index de665a8..6f027b4 100644 --- a/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java +++ b/chatto/src/main/java/org/ros/chatto/WebSecurityConfiguration.java @@ -90,23 +90,23 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { } - - @Configuration @Order(2) public static class FormWebSecurity extends WebSecurityConfigurerAdapter { @Autowired private MySimpleUrlAuthenticationSuccessHandler mySimpleUrlAuthenticationSuccessHandler; - + @Autowired private MyLogoutSuccessHandler myLogoutSuccessHandler; - + @Override protected void configure(HttpSecurity httpSecurity) throws Exception { - httpSecurity.authorizeRequests() + httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and() + + .authorizeRequests() // .antMatchers(HttpMethod.POST, "/api/**").permitAll() - .antMatchers("/", "perform_login","/logout**" ,"/favicon.ico","/login*", "/registration", "/perform_registration", "/css/**", - "/js/**", "/img/**") + .antMatchers("/", "perform_login", "/logout**", "/favicon.ico", "/login*", "/registration", + "/perform_registration", "/css/**", "/js/**", "/img/**") .permitAll() // .antMatchers("/","/api**","/api/**","/login*","/registration","/perform_registration","/css/**", "/js/**", "/images/**").permitAll() .antMatchers("/user/**").hasAnyRole("USER", "ADMIN", "SUPER_USER").antMatchers("/admin/**") 
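Review bot: `SessionCreationPolicy.ALWAYS` at the top of `FormWebSecurity.configure` makes this filter chain create an `HttpSession` for every request it handles, including anonymous hits on the permit-all patterns such as `/css/**`, `/js/**` and `/favicon.ico`, so unauthenticated traffic can grow the server-side session store. If the aim is only to have a session for the CSRF token, the default `IF_REQUIRED` policy should already create one when the token is first needed, so the explicit policy could be dropped or justified with a comment such as `// ALWAYS: session must exist before login because <reason>`. The reflowed matcher list also still carries `"perform_login"` without a leading slash, which likely never matches a request path; `"/perform_login"` is probably what was meant. The body of `configure` continues past the end of this hunk.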
@@ -119,9 +119,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { .and() .formLogin().loginPage("/login").permitAll().loginProcessingUrl("/perform_login") - .successHandler(mySimpleUrlAuthenticationSuccessHandler) - .and() - .logout().logoutSuccessHandler(myLogoutSuccessHandler) + .successHandler(mySimpleUrlAuthenticationSuccessHandler).and().logout() + .logoutSuccessHandler(myLogoutSuccessHandler) // .failureUrl("/?login_error") // .and() // .logout().invalidateHttpSession(true) @@ -130,7 +129,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { // .logoutSuccessUrl("/").permitAll() // .and().httpBasic(); // .and().cors() - .and().csrf().disable(); +// .and().csrf().disable(); ; // httpSecurity // .csrf().disable() @@ -152,7 +151,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { // } } - + // @Override // protected void configure(AuthenticationManagerBuilder auth) throws Exception { // auth.eraseCredentials(false);
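Review bot: Commenting out `.and().csrf().disable();` in the `@@ -130,7 +129,7 @@` hunk turns CSRF protection on for this chain, but it adds one more dead line to an already comment-heavy block and leaves the statement terminated by the bare `;` on the following line. Deleting the line and ending the chain at `.logoutSuccessHandler(myLogoutSuccessHandler);` with a short comment such as `// CSRF protection intentionally left at the Spring Security default (enabled)` would make the intent explicit. With CSRF enabled, Spring Security's default logout only accepts POST, and the POSTs to `/perform_login` and `/perform_registration` need a `_csrf` token, so the templates (not visible here) should be checked for a POST logout form and the token field. `configure` begins before this hunk.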