Allows pluggable support for HttpSession-related behaviour when an authentication occurs.
Strategy which handles concurrent session-control, in addition to the functionality provided by the base class.
The default implementation of
Thrown by an SessionAuthenticationStrategy to indicate that an authentication object is not valid for the current session, typically because the same user has exceeded the number of sessions they are allowed to have concurrently.
Comes with support for: