public interface SessionAuthenticationStrategy
Typical use would be to make sure a session exists or to change the session Id to guard against session-fixation attacks.
void onAuthentication(Authentication authentication, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws SessionAuthenticationException
SessionAuthenticationException- if it is decided that the authentication is not allowed for the session. This will typically be because the user has too many sessions open at once.